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HP Plans Thin-Client 
System With PC Blades 


Sees new technology as PC replacement that 
could cut companies’ desktop TCO in half 





BY PATRICK THIBODEAU 
Hewlett-Packard Co. last 

week detailed a plan to mar- 
ket thin-client systems based 


have the potential to replace 
up to half of the existing 

desktops in midsize and larg- 
er companies. 

The PC blade 

system, called the 
HP Consolidated 
Client Infrastruc- 
ture, will be avail- 


ONLINE: Sun makes an 
AMD-based blade server 
Quicklink 43285 
www.computerworld.com 


able in March. It consists of 
a thin client connected toa 


| dedicated rack-mounted 
blade in the data center. The 
on PC blades, which it claims | 


blade will run Microsoft 
Corp.’s Windows XP and use 
Transmeta Corp.'s Efficeon 


| processor. 


PC over four years. 

One company eyeing PC 
blades to reduce desktop 
costs is Wells’ Dairy Inc., 
maker of Blue Bunny brand 
ice cream products in La 
Mars, Iowa. 

The company already has 
some thin clients attached to 


servers, but Kim Norby, vice 


HP claims its PC blades can 


halve the total 
cost of ownership 
for desktops, 
which it puts at 
about $8,000 per 


Feds Say IT Security Lacking 


Regulation likely if 
private sector doesn’t 


protect infrastructure | 


BY DAN VERTON 
SANTA CLARA, CALIF 


Secretary of 
Homeland 


groups “know, as do we, that 


president of IT, said he’s con- 
sidering PC blades to cut 
desktop costs. “We’re cer- 
tainly very driven to contin- 


} ue to do more with what we 


have and be able to support 
HP Blades, page 60 


a few lines of code could ulti- | j 


mately wreak as much havoc 
as a handful of bombs.” 
Ridge encouraged the IT 


industry and the private busi- | } 


nesses that own and operate 


critical infrastructures to 


| more than 85% of the nation’s | 


berspace depends on the in- 


| vestment and commitment of 


Atsed 


Think your top IT talent is staying put? 
Think again. Half your IT middle managers 
may be headed out the door when the 
economy improves. Some have already 
checked out, mentally. Here’s what you 
can do about it. Page 47 


lead the nation’s cybersecuri- | each of you and the business- 
ty efforts. “The continued | es you represent,” he said. 
| success of protecting our cy- Cybersecurity, page 16 


_ Offshore Support Questioned 


desire to reduce labor costs 
| with customer satisfaction 


Security 
Tom Ridge 
last week 
warned the 
IT industry 
that the na- 
tion’s critical 
infrastruc- 
ture presents 


Ridge says cyber- 


auiaenim Vendors must balance 
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or industry efforts. “an attrac- 


tive target for terrorists” — a 
target that his top cybersecu- 
rity advisers said will be pro- 
tected by government regula- 
tion if the private sector fails 
to bolster security. 

Speaking to more than 300 
IT executives at the first Na- 
tional Cyber Security Summit 
here, Ridge said terrorist 





user satisfaction with 


desire to curb costs 


BY BOB BREWIN 
Offshore technical support 
services have become a fact 
of life for many technology 
vendors and their customers. 
But both vendors and users 
last week said support opera- 
tions have to balance their 





| considerations. 


The issue came to the fore- 


| front late last month, when 


Dell Inc. said it was returning 


| phone-based technical sup- 


port for its corporate PCs to 
the U.S. because of com- 
plaints from some users 
about the quality of service 
they received from a call cen- 
Support, page 16 








> 





‘Ee Canon Color imageRUNNER?® C3200 with 
imageWARE™ Publishing Manager is anything 
but business as usual. Actually, it’s a totally new 
way of working that lets you create and print 
professional-quality color booklets, catalogs, 
brochures...you name it. In-house, right at your | 
desktop. With imageWARE Publishing Manager, ss pee = 
rr rae nm ener aie 
different applications to form a single document. 
And we're just scratching the surface. This means 
no more endless waiting for that all-important 
document. See? At long last, you're in control. 
And ultimately, you're not stressing out. The 
Canon Color inageRUNNER C3200 with 
imageWARE Publishing Manager. For fast, 
affordable in-house color with professional-quality 


finishing. So say goodnight to business as usual. 


You can import images or text streams, create 


and format chapters, renumber pages, insert 
www.imagerunner.com 


1-800-OK-CANON 


headers and footers. You can apply editing, 
page imposition, print settings, and professional 
finishing. You can share it all with co-workers. 


You can manage it all every step of the way. 


Canon know sow 


Canon and Canon Know How are registered trademarks of Canon inc. IMAGERUNNER is a registered trademark of Canon Inc. in the U.S. and Canada. IMAGEWARE is 
a trademark, and IMAGEANYWARE is a service mark of Canon U.S.A., Inc. ©2003 Canon U.S.A., Inc. Product shown with optional accessories. imageWARE Publishing 
Manager must be purchased separately, and has minimum O/S, hardware and software requirements. Contact your local Canon imageWARE dealer for details 
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Moving Data to the Mountain 


In the Technology section: Once a limestone mine, 
Iron Mountain’s underground facility was designed 


to protect corporate data from a nuclear blast. Today, 
its electronic data center helps clients comply with a 


spate of new regulations. Page 34 
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Security group releases draft 
guidelines for defining the 
chief security officer role. 


IBM hopes EMC’s customers 

will switch to its storage prod- 
ucts with the help of its Piper 

data migration technology. 


NetApp forges alliances as 
part of a plan to offer software 
with its storage devices. 


CA adds a Web services man- 
agement tool to its Unicenter 
product line. 


The Pentagon is working with 
the private sector to develop 
common RFID standards. 


BPM tools offer many bene- 
fits, but rollouts can be chal- 
lenging, users say. 


Las Vegas public schools are 
rolling out a $31 million back- 
bone network and digital/IP 
phone system. 


? Start-up offers software for 


designing data center racks. 


PeopleSoft is changing the 
pricing plan for J.D. Edwards 
products. 


Patch management options 
proliferate in Blaster’s wake. 


IT hiring plans for 2004 vary 
from company to company. 


22 BEA and IBM team up to 


work on new Java specs. 


60 Microsoft loosens up its poli- 


cy for licensing its intellectual 
property. 


: 36 


Future Watch: The New Inter- 
net. Scientists are working 

on the next generation of the 
Internet, which will be self- 
aware and able to automati- 
cally determine the best way 
to deliver data and services — 
not to mention faster, more 
reliable and more secure 


: 40 Security Manager’s Journal: 


Single Sign-on Effort Falls 
Short. Mathias Thurman’s 
company merges its directo- 
ries and moves toward single 
sign-on authentication, but 
implementing the system has 
some unexpected and un- 
desired effects. 
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Already Gone. Recent surveys 
indicate that when the econo- 
my improves, many IT middle 
managers may bolt out the 
door. Here’s why — and what 
you can do about it. 


The Pros & Cons of CMM. 
Offshore outsourcers tout 
their high Capability Maturity 
Model ratings, yet many U.S. 
companies can’t take advan- 
tage of such quality and can 
end up paying for more than 
they need. 


Preventing P2P Abuse. 
University IT managers have 
become experts in combating 
the computer security and 
network-overload problems 
caused by peer-to-peer file 
swapping. Corporate IT man- 
agers can learn from their 
experiences. 


8 On the Mark: Mark Hall en- 
counters a rare marketing bird 
— one who thought Comdex 
was a success. And will IBM 
continue to run Eclipse? 


24 Maryfran Johnson knows 
there’s loads of dissatisfaction 
among IT workers, but she 
has found two simple, low- 
cost ways to boost morale. 


24 Pimm Fox believes it’s possi- 
ble to save precious network 
bandwidth and protect your 
organization from copyright- 
violation problems. 


25 Thornton A. May minces few 
words when chastising Micro- 
soft and Sun for the “discon- 
nects” that threaten the long- 
term value of IT. 


44 Tommy Peterson suggests 
technologies to put on the 
next wish list you take to 
upper management. 


54 Bart Perkins says upstarts are 
undercutting big outsourcers. 
That's bad news for the giants, 
but it could mean falling 
prices for their clients. 


62 Frankly Speaking: Frank 
Hayes dismisses White House 
efforts to help IT secure sys- 
tems, saying it’s a lot of talk 
and little substance. 
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Also in the Technology section: Six months after its 
release, Windows Server 2003’s early adopters 
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The Pathway to a 
Service-Oriented Architecture 
DEVELOPMENT: Four steps to realizing 
business benefits from Web services. 


© QuickLink 43264 
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MOBILE/WIRELESS: A checklist for meeting 
the security challenges posed by handhelds 
and other mobile devices. @ QuickLink 42963 


Keeping Vendors on Their Toes 
STORAGE: Maintaining multiple suppliers is a 
good way to keep vendors on their toes and 
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cal issues to be aware of? @ QuickLink 43243 


Security: An Executive Concern 


SECURITY: Information security isn’t just an 
IT matter; it’s also an organizational issue to 
be reckoned with at the executive level, says 
John De Santis, CEO of Sygate Technologies. 
He calls for new measures that gauge net- 
work security. @ QuickLink 43210 


Storage Gains Stature 


STORAGE: The role of storage is evolving, 
especially in the wake of 9/1] and recent 
financial scandals, says Marc Farley, presi- 
dent of Building Storage. @ QuickLink 43238 


Driving Successful CRM Adoption 
SOFTWARE: Without user buy-in, even the 
best software can fail. Here’s how to encour- 
age employees to use the system you just 
installed. @ QuickLink 43024 
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AT DEADLINE | 
Io Craft CSO Position 


Microsoft Corp. today plans to an- | 


Microsoft Upgrades 
CRM Applications 


nounce an upgrade of its CRM 
software that’s designed to pro- 
vide tighter security and simpli- 


fied installation. Version 1.2 of Mi- | 
| BY JAIKUMAR VIJAYAN 


crosoft CRM also supports more 
languages and will be offered out- 
side of North America for the first 
time, company officials said. The 
software is available in North 
America now and will be released 
elsewhere next month. 


intel Sees Strong 
Revenue in Q4 


Intel Corp. said it expects fourth- 
quarter revenue to come in at the 
high end of the range it projected 
earlier in the quarter. Citing 
strong microprocessor sales, Intel 
said business should total be- 
tween $8.5 billion and $8.7 bil- 
lion. However, the company 


added that it will take a $600 mil- | 


lion charge to account for a re- 
duction in the long-term growth 
forecast for its wireless network- 
ing business unit. 


Software AG Trims 
Development Focus 


Darmstadt, Germany-based Soft- 
ware AG said it’s narrowing the 
focus of its software development 
operations to two product lines in 
a cost-cutting move. The compa- 
ny will concentrate on XML-based 
integration tools and its main- 
frame software, which may be ex- 
panded through acquisitions. In 
addition, technical support for the 
XML tools is being shifted from 
Germany to India. 


Short Takes 


YAHOO INC. upgraded its instant 
messaging software to plug a 
buffer overrun security vulnerabil- 
ity that attackers could use to run 
malicious code on unprotected 
systems. . . . DELL INC. is offering 
a Linux distribution developed by 
Beijing-based Red Flag Software 
Co. on most models of the Power- 
Edge servers it sells in China. 





NEWS 


(guidelines Released 


Job requires understanding of a wide 
range of IT and other risks, group says. 


KNOWLEDGE of in- 
formation security 
risk management is 
just one of the many 


| skills that a chief security offi- 


cer needs for crafting, influ- 


encing and directing an effec- 


tive organizationwide protec- 


tion strategy. 


Increasingly, the job also 


| calls for an understanding of 
issues as diverse as emergency | 
| preparedness, crisis manage- 


ment and response, physical 
security, disaster recoverabili- 


| ty, and privacy and regulatory 
| matters. That’s the assessment 


of Alexandria, Va.-based ASIS 
International, a 33,000-mem- 
ber group of security profes- 
sionals that last week released 
draft guidelines that compa- 


| nies can use when developing 
| CSO positions. 


“There’s been a lot of dis- 
cussion on the need for organi- 
zations to create a centralized 
governance function for many 


| areas of risk,” said Jerry Bren- 


nan, president of Vienna, Va.- 
based Security Management 
Resources Inc. and one of the 


| drafters of the document. 


Defining the Job 
The guidelines are the result 
of an attempt to give a formal 
definition of the scope, re- 
sponsibilities, reporting rela- 
tionships and experience 
needed to do the job, he said. 
“There wasn’t much avail- 
able that addressed the pulling 
together, from a governance 
perspective, of all of the areas 
of security risk that an organi- 
zation faces,” Brennan said. 
“So we decided to try and 
craft a document that would 
be broad-based and truly rep- 
resent what the CSO position 
would be in an organization.” 
The ASIS guidelines come 
at a time when a growing 





number of security profes- 


| sionals say there needs to be a 


top-level management posi- 
tion to oversee all aspects of 


| operational risk. 


“T have always found it pre- 
posterous to suggest that there 
are separate disciplines that 


| require separate management” 


when it comes to operational 
security, said Dennis Treece, 
director of corporate security 
at the Massachusetts Port Au- 
thority in Boston. 
For example, installing a pri- 

vacy officer who is separate 
from the rest of the security 


| team only “fragments the ef- 


fort and ensures that the phys- 
ical and virtual aspects of pri- 
vacy have to be laboriously 
coordinated,” Treece said. The 
same is true when it comes to 
having separate chief informa- 
tion security officer and CSO 
functions. “Having been both 
separately and now both at the 
same time, I can state with 
confidence that combining 
them makes the most sense,” 
he added. 

Even so, security profes- 
sionals agree that only a rela- 
tively small number of compa- 





nies have created a formal 
CSO function because of the 
substantial political and orga- 
nizational challenges that 
need to be overcome in creat- 
ing the role. Issues such as 
scope, reporting relationships 
and ownership of risk man- 
agement functions can all be 
sticking points. 


Broadening the Scope 

The popular notion of the 
CSO being in charge solely of 
IT and physical security func- 
tions has also somewhat limit- 
ed the effectiveness of the 
role, said David W. Stacy, glob- 
al IT security director at St. 
Jude Medical Inc., a $1.6 bil- 
lion manufacturer of medical 


| equipment in St. Paul, Minn. 


“IT prefer the concept of the 
chief risk officer that encom- 
passes these two areas” while 
also including other functions 
such as privacy, risk insurance 
and regulatory compliance, 
Stacy said. 

“So, moving to a CSO model 
that only deals with IT securi- 
ty and physical security may 
be a logical first step to even- 
tually getting to a CRO mod- 
el,” he added. “But even hav- 
ing a CSO would be a revolu- 
tion, as opposed to an evolu- 
tion, in many organizations.” 
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But some security profes- 
sionals have trouble with 
the concept of having an all- 
encompassing role. 

For one thing, “there is a 
huge difference between the 
practice of physical security 
management and information 
security management,” said 
Eddie Schwartz, chief technol- 
ogy officer at Securevision 
LLC, a Fairfax, Va.-based con- 
sultancy. “While both disci- 
plines have the use of technol- 
ogy as a common element, the 
background and education of 
the practitioners are distinct.” 

There’s also the danger of 
rolling far too many functions 
under the CSO umbrella, 
| Schwartz said. “It’s an unnat- 
ural organization of activities 
and doomed to failure in most 
organizations,” he said. 





@ 43322 


Relationship Management Key Skill for CSO Role 


Relationship management skills 
are a top requirement for a suc- 
cessful chief security officer, ac- 
cording to ASIS International's 
recently released draft guide- 
lines for the function. 

Because of the wide scope of 
the job, CSOs must be able to 
“influence and nurture” relation- 
ships with business-unit leaders, 
government officials and profes- 
sional organizations, according 
to the ASIS guidelines. 

“Having good political, collab- 
orative and marketing skills [is] 
critical for a CSO or chief risk of- 


ficer,” said David Stacy, a securi- 
ty director at St. Jude Medical. 

Also crucial is subject-matter 
expertise. CSOs must either 
have the knowledge themselves 
or must ensure that adequate 
technical expertise is available to 
cost-effectively deliver security 
services, he said. 

“Anyone with solid experience 
in one or more of the risk areas 
could do the job, as long as [he 
is] surrounded with experienced 
subject-matter experts and actu- 
ally listens to them,” Stacy said. 

“The CSO has to be able to 


carry the water in the senior ex- 
ecutive environment,” said Den- 
nis Treece, director of corporate 
security at the Massachusetts 
Port Authority. “This means 
communicating effectively with 
the CEO and the board. The CSO 
must know how to create and 
defend a budget in a constrained 
fiscal environment. He needs to 
have a résumé that garners re- 
spect and must keep that re- 
spect by being a team player, not 
someone who is always crying 
that the sky is falling.” 

- Jaikumar Vijayan 
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IBM Lures EMC Users With 


New Data-Migration Offering 


Piper technology allows for transfers 
of data while systems remain online 





BY LUCAS MEARIAN 

IBM last week announced a 
data migration technology and 
services designed to lure EMC 
Corp. storage users to switch 
to IBM disk arrays, with the 
promise that corporate infor- 
mation can be transferred in a 
nondisruptive way. 

IBM’s migration program 
involves 100 consultants in its 
professional services business 
unit who have been trained to 
use a new device called Piper. 
The appliance, developed over 
the past year, uses built-in 
data migration engines to 
move information from rival 
disk arrays to IBM’s products, 
including its Enterprise Stor- 
age Server (known as Shark) 
and FAStT product lines. 

Piper splits the data stream 
from an array so information 
can flow to IBM’s replacement 





| storage device in addition to 


the existing host server. That 
allows data to be transferred 

while the system stays online, 
although the migration speed 
is slower than if the work was 


| done off-line, said Lou Sciac- 


chetano, worldwide vice presi- 
dent of competitive storage 
sales at IBM. 

Sciacchetano said Piper can 
pull data from storage devices 
made by EMC and nine other 
vendors. But IBM is targeting 
EMC with the migration ser- 
vice. “There’s lots of old, pro- 
prietary EMC boxes out there 
— 30,000 by my last count,” 


| he said. 


IBM has been using Piper as 
part of a beta-testing program 
and said the migration offer- 
ing has already helped it win 
over former EMC users like 
Royal Caribbean Cruises Ltd., 


Minnesota’s Hennepin Coun- 


| ty, Insurance Services Office 
| Inc. and the U.S. Department 
| of Agriculture. 


Bob Cosby, storage adminis- 
trator at the Department of 
Agriculture’s National Finance 
Center, said he completed the 


| second phase of an ongoing 


migration from two older- 


| model EMC Symmetrix arrays 
| to an IBM Shark over the 


weekend after Thanksgiving. 


| Cosby wanted to upgrade to 


newer storage technology to 


| gain features such as snapshot 


copying, which allows instan- 
taneous backups of data. 
Cosby said that, with IBM’s 


| help, he transferred about 
| 2.5TB of data between the ar- 


rays in 48 hours. “The thing I 


love about it is you’re not 


spinning your own CPU cy- 
cles,” he said, noting that the 
migration process was trans- 
parent to his applications. 
According to Cosby, EMC 


| and Hitachi Data Systems 


Corp. bid against IBM for the 
finance center’s new data stor- 
age contract. Although the ri- 
val arrays were comparable in 
cost, IBM undercut the com- 
petition on storage manage- 
ment software, he added. 

EMC doesn’t use an appli- 
ance similar to Piper to move 
data to its arrays. But Chuck 
Hollis, EMC’s vice president 
of platform marketing, said the 
Hopkinton, Mass.-based com- 
pany has offered its own non- 
disruptive migration technolo- 
gy since 1995. “We use a com- 
bination of host software and 
storage-based replication, cou- 
pled with a rigorous planning 
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methodology, to execute data 
migrations with a minimum of 
time, effort and risk,” Hollis 
said. He added that during the 
past two years, EMC has mi- 
grated more than 1,000TB of 
IBM-stored data for 100-plus 
customers. 

Nonetheless, Piper gives 
IBM a leg up on other storage 
vendors, said Anne MacFar- 
land, an analyst at The Clipper 
Group Inc. in Wellesley, Mass. 
“These days, when you don’t 
have that weekend window all 
the time to perform data mi- 
grations, you're going to have 
to do it while things are up and 
running,” she said. @ 43287 


IBM’S PIPER APPLIANCE 


= Has two configurations, 
one for migrating mainframe 
data and another (pictured) 
for transferring data from 
Unix, Windows and NetWare 
sysiems. 


= Can move data to IBM’s 
Shark and FAStT disk arrays, 
plus its externally attached 
7133 Serial Disk System. 


® Is designed to work with 
storage devices made by 
EMC and nine other vendors. 


NetApp Signs Partnering Deals to Broaden Data Tools 


Adds hardware, 
looks for help on 
life-cycle software 


BY LUCAS MEARIAN 

Network Appliance Inc. last 
week announced partnerships 
with Cisco Systems Inc., Veri- 
tas Software Corp. and FileNet 
Corp. as part of a plan to offer 
integrated storage systems for 
information life-cycle manage- 
ment, regulatory compliance 
and disk-based data backup. 

In addition, NetApp intro- 
duced several products, in- 
cluding two new file servers 
and an upgraded version of its 
NearStore disk array for sec- 
ondary storage. 

The Sunnyvale, Calif.-based 
company also upgraded an ap- 
pliance that provides network- 
attached storage (NAS) file- 
serving capabilities to storage- 





area networks (SAN), using 
disk arrays from other ven- 
dors for back-end storage 
(see box). 

Regarding its partnerships, 
NetApp said it’s qualifying its 
storage devices for use with 
Cisco’s MDS 9000 family of 
multiprotocol SAN directors 
and switches. NetApp also 
plans to resell the switches 
and directors, starting with 
Cisco’s MDS 9100 series fabric 


| switches. Those devices will 


be available within 45 days, 


| the company said. 


To boost its bid to piece to- 


| gether a more complete set of 


tools for automatically con- 
trolling data throughout its 
entire life cycle, NetApp also 


| will resell FileNet’s content 


management software and 
Veritas’ storage and data man- 
agement products. 

Carolyn DiCenzo, an analyst 





at Gartner Inc., said NetApp in 
| June made a storage manage- 


ment application program- 
ming interface available for 
use by other vendors and is 
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now trying to use the API to 


| expand its sales. 


The deal with FileNet lets 
NetApp offer FileNet’s Image 


; Manager, Content Manager 
| and Records Manager applica- 


tions. Meanwhile, NetApp will 
integrate Veritas’ Data Life- 
cycle Manager and NetBackup 
software with its products. 
According to NetApp offi- 
cials, the addition of Data Life- 
cycle Manager will enable 
storage managers to do policy- 
based migration and archiving 


| of data between NetApp’s de- 


vices and a mix of servers. 
NetBackup will let users send 
backup copies of data on Mi- 
crosoft Exchange servers and 
file systems running on Win- 
dows, Unix and Linux hosts to 
NearStore arrays, said Rich 


Boberg, NetApp’s senior direc- | 


tor of technology partnering. 
“Sixty percent of our cus- 


tomer base uses Veritas for 
tape-based backup,” Boberg 
said. “Having this as a seam- 
less transition for them to go 
from tape to disk backup is a 
huge advantage for them.” 

Randy Kerns, an analyst at 
Evaluator Group Inc. in Green- 
wood Village, Colo., said the 
information life-cycle manage- 
ment plans pit NetApp against 
storage rival EMC Corp. ina 
new way. EMC has become a 
competitor to both Mountain 
View, Calif.-based Veritas and 
Costa Mesa, Calif.-based 
FileNet through recent deals 
to acquire software vendors 
Legato Systems Inc. and Docu- 
mentum Inc. 

The alliances make sense 
from that standpoint, Kerns 
said. But he added that Net- 
App is “not planning on be- 


| coming a storage management 


software company. They’re 
providing capabilities for the 
companies already in that 


space.” © 43323 
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IBM Shifts Focus 
On Software Sales 


IBM said it’s reorganizing and 
retraining the sales force in its 
$13.1 billion software group to 
increase the unit’s focus on in- 
dustry-specific sets of products. 
More than half of IBM’s 13,000 
software sales workers will be 
assigned to vertical industries 
over the next 12 months. IBM 
will also shift its marketing and 
development to emphasize appli- 
cation packages involving its five 
major software product lines. 


Sun Ends Talks 
Over Java Deal. . . 


Sun Microsystems Inc. said it 
has ended negotiations over a 
deal to merge its NetBeans Java 
development framework with 
the open-source Eclipse technol- 
ogy backed by IBM. Sun said it 
withdrew from the talks because 
the company wasn’t offered 

“an equitable share in mutual 
development.” IBM declined to 
comment. 


... And Rolls Out 
Blades, Software 


In other Sun news, the company 
announced a series of products 
at its European SunNetwork con- 
ference, including a blade server 
offering that supports devices 
based on both its UltraSparc 
processors and Intel Corp.’s x86 
chips. Sun also released server 
and desktop software bundles 
with per-employee pricing it 
detailed in September [QuickLink 
41523]. 


Linux Kernel Flaw 
Blamed for Attack 


The developers of the open- 
source Debian Linux software 
said a recent intrusion into four 
of its servers was enabled by a 
flaw in the Linux 2.4 kernel. The 
vulnerability affects versions of 
the kernel prior to Linux 2.4.23. 
Patches were posted by Red Hat 
Inc. and other Linux developers. 
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MARK HALL ®ON THE MARK 


SonicWall Boomed at 
The Comdex Show ... 


... Says marketing VP Douglas Brockett, who acknowledged that his 
experiences might be contrary to those of other companies reported 
in this paper and elsewhere. Even given his satisfaction, he’s not sure 
whether the venerable trade show, or any general technology trade 
show for that matter, will make it into his marketing budget in 2004 
and beyond. “IT experts will get their less-technical information on the Web,” 
Brockett argues. But you won’t just travel in the virtual world; he 


thinks you'll be heading to smaller, tar- 
geted conferences, “where like-minded 
people will discuss matters of common 
interest in detail.” Brockett claims the 
small but steady stream of Comdexers 
who visited SonicWall Inc.’s booth were 
attracted by the low-cost TZW line of se- 
cure wireless network units that fits well 
into remote-office operations and will be 
upgraded to 802.llg next year. The fact 
that the Sunnyvale, Calif.-based company 
resells its Pro 3060 and Pro 4060 virtual 
private network con- 

centrators to Cisco Sys- 

tems Inc. probably gave 


| 
| 
| 
| 
| 


cure access they need for the applica- 
tions they want to use. ® If you really want 
secure communications, go fax. “Faxes are 
traceable, hackproof and virusproof,” 
claims Mark Malone, senior product 
manager for Captaris Inc.’s RightFax fam- 
ily. The company’s products link into ap- 
plication workflows, from supply chains 
to law-office operations. In the RightFax 
world, pages are sent electronically to PC 
desktops or fax printers, Malone says, so 
there’s more flexibility and control about who 
sees what and when. He 
boasts that RightFax 
has a good chunk of 


corporate IT booth visitors 
warm fuzzies as well. 
They also undoubtedly 
liked hearing about the 
2004 firmware upgrades 
to the Pro line that will 
let them handle a mix of 
Secure Sockets Layer 
(SSL) and IPsec traffic, 
cutting down on the 
number of systems to 
manage while giving 
users the levels of se- 


p rp. in El Segundo, Calif., 
Yee m NUL Bacl cr tcEb aCe tc) 
for J2EE or WebSphere-based ap- 
plication integration projects. As 
Pea RUE MR esc ay aoy 
and tools, Candle will offer four 
new consulting services for devel- 
een Rt at yd od oe R eg 
application integration work. Not to 
mention a Workbench tool set de- 
signed to improve application scal- 
FM eUen se eurllece 


market share already, 
yet the client/server 
product will be over- 
hauled by the third 
quarter of next year. 
The software is being 
redesigned using .Net 
and will swap out its pro- 
prietary Raima database 
for either Microsoft SQL 
Server or MySQL. But 
users won't have to 
wait that long to see 
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other changes. In February, Release 8.7 
will have improved support for Notes and 
Exchange, and a couple of months later, 
Version 9.0 will include antispam features. 
If you’re in the health care market, you 


| have to wait only until next month to get 


HIPAA privacy features. That means lab 
techs can see only the patient data that’s 
relevant to them and administrators can 
access even less. ® Less is more for the 
developers at Scapa Technologies Ltd. in 
Edinburgh. Scapa is a major contributor 
to Hyades, the monitoring and testing 
project for the open-source Eclipse 
framework. CEO Michael Norman says 
that by leveraging Hyades inside Eclipse, 
his team will have to crank out only 20% of 
the code needed to deliver plug-in tools 
for software writers. Granted, the 80% 
delivered by the open-source community 
is the relatively easy infrastructure part. 
Still, it means Scapa’s plug-ins will get to 
market faster, like the Jan. 1 release of 
Scapa StressTest-Express. Designed for 
e-commerce applications, the testing tool 
can simulate an unlimited number of 
users running an application through its 
paces, banging on everything from SSL to 
database access. Norman expects Scapa 
to eventually deliver testing tools for 
Web-based applications using SAP and, 
he hopes, Oracle. ® Eclipse is being 
spearheaded by IBM, which sees the de- 
velopment framework as an alternative to 
Microsoft Corp.’s .Net. But Eclipse’s ris- 
ing popularity means IBM will need to re- 
linquish control of the project. Already at 
60 IT vendor members and growing 
monthly, “it needs to break away from the 
mother ship,” Norman says. He predicts 
the next executive director of Eclipse won’t be 
from IBM. Once that happens, expect to 
see the likes of Oracle Corp. and Sun Mi- 
crosystems Inc. jump on board. Microsoft, 
too? Not in your wildest dreams. @ 43310 








BY CAROL SLIWA 


| Companies that have reached 


the stage where they need to 
manage Web services have 
typically had to turn to small, 
specialty vendors for assis- 


| tance. But they will get a new 
option today when Computer 


Associates International Inc. 
releases the latest addition to 
its Unicenter product line. 
Unicenter Web Services 
Distributed Management 


| (WSDM) can be embedded 


into both Java- and .Net-based 





CA Offers New Option for 
Web Services Management 


application servers to natively 
observe XML traffic in real 
time, according to Marc Camm, 
a director of business develop- 
ment at CA. He said the ap- 
proach will give users a better- 
performing option than the 
agent- and proxy-based prod- 
ucts in the market provide. 
“Each application server has 
its own SOAP stack, and we 
live at that level,” Camm said. 
He said the Unicenter WSDM 
leverages a company’s existing 
infrastructure and needs to be 


| 





| installed at only one of the 


endpoints of the Web services 
application. “There’s no need 
for a new logical or physical 


| tier,” he said. 


Nick Gall, an analyst at Meta 
Group Inc., said he has seen 
little user demand for Web 
services management products 
to date. He estimated that he 
has spoken with no more than 
20 clients that have enough 
Web services in production to 
warrant management tools. 

But Gall said the CA an- 
nouncement is noteworthy be- 
cause a major vendor is finally 
shipping a product in the Web 
services management market, 
even though it’s just a 1.0 re- 





| lease. He added that the prod- 


uct will eventually comply 
with standards being devel- 
oped through the Organiza- 
tion for the Advancement of 
Structured Information Stan- 
dards in Billerica, Mass. 

CA said its latest Unicenter 
offering is part of a collection 
of products that will enable 
end-to-end management of a 
Web services environment. 

Pricing for Unicenter 
WSDM starts at $25,000 per 
server. The product can be 
embedded into application 
servers from BEA Systems 
Inc., IBM, Microsoft Corp., 
The JBoss Group LLC and Sun 
Microsystems Inc. @ 43335 
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NEWS 


DOD, Corporate RFID 
Backers Seek Standard 


Pentagon official says two sides are 


close to deal on common specifications 





BY BOB BREWIN 
KEY PENTAGON sup- 
ply chain official 
last week said the 
U.S. Department of 
Defense is working with EPC- 
global Inc. to develop radio 
frequency identification 
(RFID) standards that could 
satisfy the needs of both cor- 
porate and military users. 

Alan Estevez, assistant 
deputy undersecretary of De- 
fense for supply chain integra- 
tion, said during a press brief- 
ing that the standards process 
is complex. But Estevez added 
that he thinks the DOD and 
Boston-based EPCglobal can 
agree on common standards 
“in a matter of months.” 

The possibility that suppli- 
ers would have to support two 
sets of RFID standards arose 
in October, after the DOD 
mandated the use of RFID tags 
on shipping pallets and crates 
starting in early 2005 — a 
deadline similar to one that 
Wal-Mart Stores Inc. has set 
for its top suppliers. 


EPC vs. ISO 


Wal-Mart and other corporate 
users plan to adopt the elec- 
tronic product code (EPC) 
standards being developed by 
EPCglobal. But the Pentagon 
said the tags its suppliers use 
will have to conform to speci- 
fications from the Internation- 
al Standards Organization 
[QuickLink 42347]. 

The DOD and EPCglobal 
are now cooperating to devise 
a set of standards that could 
be incorporated into the ISO’s 
work, according to Estevez. 

He added that the passive 
RFID devices Wal-Mart wants 
to use in its supply chain 
should accommodate most 
of the DOD’s requirements, 
although military officials are 
seeking a data storage capaci- 
ty that’s larger than the 96-bit 





limit supported by existing 


| commercial tags. 


The expanded capacity is 
needed to support the unique 
identification numbers that 


| the DOD assigns to “high-val- 


ue” goods that cost more than 
$5,000, Estevez said. The tags 


| used by the military will also 
| have to be capable of handling 


multiple reads and writes of 
data, he added. 

Mike Liard, an analyst at 
Natick, Mass.-based Venture 
Development Corp., said 
blending EPCglobal’s stan- 


| dards into the ISO’s specifi- 


cations would alleviate the 


| added costs that suppliers say 





they will face if the DOD and 
Wal-Mart support different 
approaches. 

In addition, both Wal-Mart 
and the Pentagon could reap 
economic gains from using the 
so-called Class 1, Version 2 tag 
envisioned by EPCglobal, 
Liard said. That’s because 
Texas Instruments Inc. and 
Royal Philips Electronics NV 
are both gearing up to pro- 
duce the new devices in large 
quantities, which is expected 
to result in lower costs com- 
pared with existing RFID tags. 

Estevez declined to say 
how much it will likely cost 
the DOD to install the IT in- 
frastructure needed to sup- 
port RFID in its supply chain, 
including the addition of 
RFID readers in warehouses 





Will start in January 2005 
with its top 100 suppliers; ex- 
pects all suppliers to adopt 
itm Om Ue tgae) 40106) 


Teme ley TU ee UE UTE Te| 
at Texas distribution centers 
serving about 150 stores 


and supply depots. 

He acknowledged that it’s 
unrealistic to expect all of the 
military’s 43,000 suppliers to 
begin using RFID tags by Janu- 
ary 2005. Estevez’s statement 
came one day after the DOD 
disclosed more details about 
its RFID plans to key suppliers 
at a meeting in Fairfax, Va. 

In a presentation at the 
RFID meeting, Estevez said 
the Pentagon wants to get its 
top 100 suppliers on board 
with RFID tags by the start of 
2005 and add another 400 
companies by the middle of 
that year. All suppliers should 


Users Benefit From Business Performance 


| Software supports 


planning, tracks 


financial targets 


BY MARC L. SONGINI 


BOSTON 

Companies can improve their 
internal operations and slash 
costs through the use of busi- 
ness performance manage- 


| ment (BPM) tools, according 


to attendees at a conference 
on the technology. But there 
are considerable challenges to 
be surmounted, they warned. 
BPM projects involve the 


| use of business intelligence 


software, such as balanced 
scorecard or analytic applica- 


| tions, to help executives pre- 


pare plans and analyze corpo- 


| rate performance via a dash- 
board-style user interface. 


The need for CEOs and 
chief financial officers to com- 
ply with the accounting and 
reporting mandates of the 
Sarbanes-Oxley Act has given 
the BPM market a boost, said 





Craig Schiff, CEO of BPM Part- 
ners Inc. The Stamford, Conn- 
based consulting firm co-spon- 
sored last week’s Performance 
Management Conference with 
the Digital Consulting Insti- 
tute in Andover, Mass. 

A BPM system can deliver a 
holistic view of business per- 
formance, allowing executives 
to identify revenue and cost 
savings opportunities, Schiff 
said. But software costs can 
range from $75,000 to more 
than $500,000, he added. 

And setting up BPM proc- 
esses can be difficult, accord- 


NEW DEVELOPMENTS 





Tools but Say Rollouts Pose Challenges 


ing to a half-dozen users. 

“The biggest challenge, and 
I don’t care what kind of con- 
sultant you get or what you 
do, [is that] you truly have to 
understand what drives your 
business,” said Celia Spitz, 
vice president of planning and 
analysis at Miami-based Vitas 
Healthcare Corp., which pro- 
vides hospice services. 

IT and business managers 
who are implementing BPM 
systems must decide “what 
the critical bits of information 
are that make a difference ina 
business,” Spitz noted. “If you 
don’t, it’s just regurgitating 
data for ‘analysis paralysis’ 
and doesn’t tell you anything.” 

Vitas Healthcare uses a 
homegrown executive dash- 
board that’s connected to on- 
line analytical processing soft- 
ware developed by Applix Inc. 
in Westboro, Mass. Spitz said 
the BPM system has helped 
the company reduce its auto- 
mileage and overtime costs. 

RSA Security Inc. uses soft- 
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begin using the devices by Jan- 
uary 2006, he added. 

Some attendees at the RFID 
meeting described it as more 
collaborative than a similar 
event Wal-Mart held for its 
suppliers last month. But 
Estevez said the DOD has 
“drawn a line in the sand” 
on the use of RFID tags. 

“Tt’s going to be in every 
contract,” he said. @ 43341 


ware that was developed by 
Comshare Inc., which is now 
part of Markham, Ontario- 
based Geac Computer Corp., 
to measure whether financial 
targets are met. The software 
has paid for itself, said David 
Stack, manager of corporate 
financial planning and analy- 
sis at RSA, a security software 
vendor in Bedford, Mass. 

But Stack added that mea- 
suring how much of a return 
on investment RSA is getting 
is hard because many of the 
performance improvements 
made possible by the BPM 
system are qualitative. 

For Viasys Healthcare Inc., 
the toughest part of its BPM 
rollout was ensuring that end 
users employed the system, 
because its blueprint validates 
the accuracy and consistency 
of data, said Matt Gualtieri, fi- 
nance project manager at the 
medical products maker in 
Conshohocken, Pa. 

But the hard work has paid 
off, Gualtieri added. “I think 
the pain and effort of going 
through implementing a sys- 
tem like this is worth it, be- 
cause it forces you to do 
things better.” @ 43334 
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3Com, EDS Agree 
On Reseller Deal 


Continuing an effort to revitalize 
its enterprise networking sales, 
3Com Corp. announced a deal for 
Electronic Data Systems Corp. to 
resell its routers, switches and 
voice products. The global agree- 
ment is 3Com’s first with a top- 
level IT services provider. But EDS 
said the deal isn’t as comprehen- 
sive as an existing one it has with 
3Com rival Cisco Systems Inc. 


Canadian Railway 
Hands IT to IBM 


Canadian Pacific Railway Ltd. 
said it has signed a seven-year, 
$154 million (U.S.) outsourcing 
deal with IBM Canada Ltd., which 
will manage the Calgary, Alberta- 
based railroad company’s IT in- 
frastructure. About 100 IT work- 
ers at Canadian Pacific Railway 
are being transferred to the IBM 
subsidiary along with data cen- 
ters in Calgary and Toronto. 


CGI Signs Two 
Outsourcing Pacts 


Montreal-based CGI Group Inc. 
announced a pair of IT outsourc- 
ing contracts. CGI said it will 
manage all IT operations at Alcan 
Inc.’s Rolled Products North 
America division in Cleveland as 


In addition, CGI has signed a 10- 
year, $167 million contract with 
The Robert Plan Corp., a Beth- 
page, N.Y.-based auto insurer. 


Hong Kong Firm Is 
Top Pivotal Bidder 


Pivotal Corp., a CRM software 
vendor in Vancouver, British Co- 
lumbia, said a unit of Hong Kong- 
based Chinadotcom Corp. has 
topped two other buyout bidders 
with a $52 million offer. Pivotal 
last month agreed to sell itself to 
an investment firm that wanted to 
merge the company with Talisma 
Corp. in Kirkland, Wash. But the 
investment firm last week said it’s 
releasing Pivotal from that deal. 


| Alcatel SA’s OmniPCX Enter- 


| $15 million and should be 


| is spending an additional $16 
| million to outfit its offices and 


| can operate in both digital and 


| other two years to finish. 
part of a 10-year, $113 million deal. | 


| phone system are designed to 
| to support the school system’s 


| adding new schools at the rate 
| of one per month. 


| just because it’s Vegas, but this 


| nology,” Brody said. 





NEWS 


Las Vegas Schools Mix IP 
Digital Communications 


$31M project includes new backbone 
network, plus 27000 dual-mode phones 





BY MATT HAMBLEN | 
HE PUBLIC SCHOOLS 
in Las Vegas are near- 
ing the midpoint of a 
backbone network in- 
stallation that will support one 
of the largest IP-enabled phone 
systems deployed worldwide 
— acommunications upgrade 
that’s expected to cost a total 
of $31 million. 

By early January, half of the 
289 schools in the Clark Coun- 
ty School District will be con- 
nected to an IP-based metro- 
politan-area network based on 


prise technology, said Philip 
Brody, the school system’s 
chief technology officer. The 
MAN rollout is budgeted at 


completed next November. 
Clark County, the nation’s 
sixth-largest school district, 


every classroom with about 
27,000 Alcatel phone sets that 


IP modes. About 5,000 phones 
have been installed, and Brody 
said that project will take an- 


Explosive Growth 
The MAN and the dual-mode 


explosive growth. The district, 
which serves 268,000 students 
and has 30,000 workers, is 


“This is a crazy place, not 


is also an incredible jugger- 
naut of education and tech- 


MORE NEWS 
Avaya is announcing an upgrade of its IP 


telephony software, plus a series of new 
hardware devices and phones: 
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The phones will be used 
primarily in digital mode in 
order to take advantage of dig- 
ital wiring that was recently 
installed in two-thirds of Clark 
County’s schools. But some of 
the phones will be IP-based, 
Brody said. In addition, the 
fiber-optic links and Gigabit 
Ethernet switches being built 
into the MAN support IP. 

The hybrid plan was recom- 
mended by a consulting firm 
three years ago, Brody said. St. 
Louis-based Dietrich Lockard 
Group Inc. said the school dis- 
trict could save $2 million per 





year by installing a converged 
voice and data network. 

Another advantage of an IP- 
enabled system is 
that teachers will be 
able to make emer- 
gency calls from 
their classrooms, but 
incoming calls can 
be routed elsewhere 
to avoid class-time 
interruptions. “We 
never had a public 
meeting about this 
project where the 
need to have a ‘do 
not disturb’ feature didn’t 
come up,” Brody said. 

To protect against potential 
network failures, every build- 
ing will retain one line to the 


Start-up Aims Software at 
Design of Data Center Racks 


Web-based tool 
creates drawings, 
measures IT needs 
BY MATT HAMBLEN 

Software start-up Visual Net- 
work Design Inc. this week 
plans to launch its first prod- 
uct, a Web-based tool for creat- 


| ing drawings and reports that 


can help streamline the process 
of designing racks for network- 
ing and storage devices. 

The product, called Rack- 
wise, is aimed at systems inte- 
grators and corporate IT 
staffers who plan and config- 
ure the racks that hold switch- 
es, server blades, cables and 
other equipment. A propri- 
etary database uses drawings 
created by Rackwise to calcu- 
late power, air-cooling and 
space requirements, said Em- 
mett DeMoss, CEO of Visual 
Network in Burlingame, Calif. 

Jasmine Noel, an analyst at 
Ptak, Noel and Associates in 
Cambridge, Mass., said Cisco 
Systems Inc. and other big 
networking vendors sell con- 





figuration tools for their own 
products. “But the minute you 
mix and match hardware, 
they’re useless,” she noted. 
Both Noel and John Mad- 
den, an analyst at Boston- 


| based Summit Strategies Inc., 


said Rackwise could be help- 
ful as large corporate users be- 
gin reorganizing their IT ar- 
chitectures around the con- 
cepts of dynamic computing, 
virtualization and policy- 
based management. 

At companies that adopt 
so-called adaptive business 
processes, systems managers 


| will need automated tools to 


help them quickly rewire and 


NEW SOFTWARE 


Deke e 
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$2,400 for a single- 
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Clark Co 
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expects to save 
millions annually. 
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circuit-switched public tele- 
phone system, he added. 

Paris-based Alcatel’s net- 
working hardware and soft- 
ware was sold to Clark County 
by Verizon Communications 
in New York. Verizon has also 
provided project management 
and installation support, 
according to Brody. 

Elizabeth Herrel, 
an analyst at For- 
rester Research Inc. 
in Cambridge, Mass., 
said the predictions 
of millions of dollars 
in annual savings are 
realistic because the 
new system will re- 
quire less switching 
hardware at each lo- 
cation. “IP telephony 
is a practical solu- 
tion, especially in places such 
as schools or banks where 
there are many offices, class- 
rooms and branches,” Herrel 


said. @ 43301 


unty’s 


reconfigure systems, they said. 

Chris Shoop, the top execu- 
tive at systems integrator 
Conexus Technologies LLC in 
West Chester, Ohio, has used 
Rackwise since May and 
hopes to become a reseller of 
the software. Shoop said he 
uses the technology to help 
“describe what the end deliv- 
erable will look like” when 
Conexus is configuring system 
setups for clients. 

Shoop said Rackwise has 
also accelerated the design 
process, reducing jobs that 
took three hours with some 
computer-aided design tools 
to as little as five minutes. 

“Designing systems is typi- 
cally a hairy process and not 
well planned,” he said. “Proj- 
ects tend to happen pretty 
quickly, with the end users or- 
dering a bunch of software 
and hardware and as an after- 
thought realizing they need to 
connect it to more power or 
slam it all in a rack.” 

But Shoop said one feature 
that he hopes to see in future 
versions of Rackwise is sup- 
port for planning and design- 
ing a series of racks within a 
larger system. Visual Network 
plans to do so in the next revi- 
sion, DeMoss said. @ 43309 
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PeopleSoft to Change Fees 
For J.D. Edwards Products 


Goal is to unify 
pricing model for 
ERP applications 


from both vendors 


BY STACY COWLEY 
TARTING EARLY next 
year, PeopleSoft Inc. 
will unify the pricing 
models for its Enter- 

prise software line and the En- 

terpriseOne line built around 
the applications it picked up 
through its August acquisition 

of J.D. Edwards & Co. — a 

change that will alter the li- 

censing structure J.D. Edwards 

customers are accustomed to. 
After the J.D. Edwards ac- 
quisition, Pleasanton, Calif.- 


based PeopleSoft formed three 


product lines: Enterprise, a 
portfolio containing its tradi- 
tional applications; Enter- 
priseOne, a rebranded suite of 
J.D. Edwards applications; and 
World, the portfolio for J.D. 
Edwards’ legacy AS/400 
World software. Rather than 
mingling code bases, People- 
Soft plans to indefinitely 
maintain the three brands. 


Melding Models 
PeopleSoft and J.D. Edwards 
had different pricing strate- 
gies, however. PeopleSoft 
uses what it calls a “value- 
based pricing” model, in 
which its software has no list 
prices. Fees are calculated 
based on a number of factors, 
including a customer’s size, 
industry and annual revenue. 
The licenses usually cover an 
unlimited number of users. 
J.D. Edwards had a more tra- 
ditional per-user licensing 
model for its applications 
and modules. 

“We've been doing a lot of 
work to roll out a single pric- 
ing model next year. We’re 
moving more toward the Peo- 
pleSoft model,” said Les Wy- 
att, a former J.D. Edwards ex- 
ecutive who now serves as 
general manager of People- 





Soft’s EnterpriseOne line. 

The change will affect only 
Enterprise and EnterpriseOne 
customers. World, for which 
additional licenses are sold 
almost entirely into the exist- 
ing base of about 3,400 cus- 
tomers, will continue to be 
priced on a per-user basis. 
EnterpriseOne also has about 
3,400 customers. 

The change will affect En- 
terpriseOne customers as they 
license new modules from ei- 
ther the EnterpriseOne or En- 
terprise product lines. Mainte- 
nance fees for EnterpriseOne 
will also likely rise, Wyatt 
said, though he noted that J.D. 
Edwards had been raising its 
maintenance charges steadily 





throughout the past three 
years. Details of the pricing 
changes are still being worked 
out, he said. 

“One of the things we don’t 
want to do is move to a model 
that arbitrarily and dramatical- 
ly increases our prices,” Wyatt 
said. “Our users will be paying 
roughly the same amount.” 


| Not Convinced 


One EnterpriseOne customer 
said he’s keeping a wary eye 


| on PeopleSoft’s licensing 


plans. Manufacturing compa- 
ny Consolidated Container 
Co. in Atlanta has about 400 
employees in several facilities 
using EnterpriseOne applica- 


| tions. Vice President of IT 





Andrew Ziegele said People- 
Soft’s sales team approached 
him last month about moving 
to a new licensing plan that 
would give him an unlimited 
number of user licenses. 

But Ziegele has no pressing 
need for more user seats, and 
the cost of the proposed new 
plan was around $400,000. 
“That’s pretty much like re- 
licensing the whole thing,” he 
said. “I’m concerned about the 
licensing. I can see why there’s 
some confusion.” 

PeopleSoft indicated to 
Ziegele that any licensing 
changes to his contract would 
be optional, so he won’t be 
forced into an expensive re- 
investment to maintain his 
current software configura- 
tion. Ziegele is considering 
picking up several new mod- 
ules, though, and said he isn’t 
sure how expensive those 
additions would be. 

PeopleSoft’s pricing plans 


Patch Management Options 
Grow in Wake of Blaster Worm 


LANDesk, other vendors rush to meet 


demand for automated patching tools 





BY JAIKUMAR VIJAYAN 
This summer’s Blaster worm 
was one of the first pieces of 
malicious code to spread itself 
by means of network-connect- 
ed PCs. And the worm high- 
lighted the need for more effi- 
cient patching processes in 
many companies. 

Since then, several vendors 
have announced automated 
management products de- 
signed to help companies 


| quickly test patches, identify 
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systems that need them and 
automatically update those 
systems. 

This week, South Jordan, 
Utah-based LANDesk Soft- 
ware Corp. will join the fray 
with the shipment of LAN- 
Desk Patch Manager for auto- 
mated vulnerability assess- 


| ment and patch distribution. 


The software is designed to 
give administrators a central- 
ized view of the patch status 
of systems on their networks, 
identify specific vulnerabili- 
ties, test and deploy the patch- 
es, and then audit them as 
needed. 

Other vendors marketing 
similar products include Shav- 
lik Technologies LLC in Rose- 
ville, Minn., St. Bernard Soft- 
ware Inc. in San Diego, and 
PatchLink Corp. in Scottsdale, 
Ariz. 

Raymond James Financial 
Inc., a financial services firm 





in St. Petersburg, Fla., has 
been beta-testing LANDesk’s 
new patch management soft- 
ware for the past few months 
and is preparing to-roll it out 
to 10,000 systems on its net- 
work. 

The company has been us- 
ing another LANDesk soft- 
ware tool to dis- 
tribute patches 
companywide for 
several years. But 
LANDesk’s new 
patch management 
function will give 
the company a bet- 
ter view of the systems that 
need to be patched and speed 
up the process of deploying 
the patches, said Andy Nosal, 
a supervisor of LANDesk op- 
erations at Raymond James. 

“T like the ease of being able 
to find out what patches are 
on what systems and seeing all 
the affected machines” that 
need patching, Nosal said. 

Stamford, Conn.-based Pit- 
ney Bowes Inc., meanwhile, is 
deploying similar patch man- 





WORM WATCH 
For more on this topic, visit 
our Knowledge Center: 


@ QuickLink a1280 
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licensing. | can 

see why there’s 

some confusion. 


ANDREW ZIEGELE, VICE PRESIDENT 
OF IT, CONSOLIDATED CONTAINER CO 


will be finalized and imple- 
mented in the first quarter of 
2004, most likely in January, 
Wyatt said. 

At the same time, People- 
Soft plans to unify its sales 
force with that of J.D. Ed- 
wards, which has remained 
separate since its acquisition. 
Sales executives will special- 
ize by region and industry, but 
every sales employee will be 
able to sell every PeopleSoft 
product, Wyatt said. @ 43343 


Cowley writes for the IDG 
News Service. 


agement technology from 
Emeryville, Calif.-based BigFix 
Inc. to 22,000 client systems. 

The tool will not only help 
Pitney Bowes deploy patches 
much faster, but it will also 
help the company enforce 
tough new security policies 
related to network-connected 
desktops, notebooks and other 
client devices, said David Gi- 
ambruno, the company’s di- 
rector of strategy and security. 

Since BigFix’s software al- 
lows Pitney Bowes to monitor 
the patch status 
and virus signa- 
tures on every 
client device, the 
technology has en- 
abled the company 
to quickly identify 
improperly config- 
ured systems and either block 
network access to those sys- 
tems or take remedial action, 
Giambruno said. 

The client-level impact of 
Blaster forced a “fundamental 
change in our thinking,” he 
said. Whereas before the focus 
had largely been on protecting 
the server environment, the 
current emphasis is also on 
ensuring that client systems 
don’t compromise security, 
Giambruno added. @ 43337 
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a 
Cybersecurity | 

That commitment has come 
under increased scrutiny dur- 
ing the past year, as various 
studies and independent com- 
missions have concluded that 
market forces alone haven't 
been sufficient to yield need- 
ed improvements in security. 

At a summit news confer- 
ence, Robert Liscouski, assis- 
tant secretary for infrastruc- 
ture protection at the Depart- 
ment of Homeland Security, 
and Amit Yoran, the newly 
appointed chief of the DHS’s 
National Cyber Security Divi- 
sion, were grilled by reporters 
about the wisdom of the gov- 
ernment’s nonregulatory ap- 
proach to working with the pri- 
vate sector. Both Liscouski and 
Yoran said increased govern- 
ment regulation remains a 
possibility should the private 
sector fail to live up to its se- 
curity responsibilities. 

“The private sector owns 
the problem,” said Liscouski. 
“There are a lot of people out 
there who are willing to legis- 
late. If that’s what you want, I 
can promise you that you'll get 
it.” But he added that the Bush 
administration doesn’t think 
that better security can be leg- 
islated or forced on the private 
sector by the government. 

Yoran, making one of his 
first major policy speeches as 
director of the NCSD, asked 
the private-sector executives 
present — only eight of whom 
were from nonvendor compa- 
nies — if they were satisfied 
with the current level of prog- 
ress in cybersecurity. “I hope 
that you are not,” said Yoran. 
“We are a nation at war.” 

In an interview with Com- 
puterworld, Yoran acknowl- 
edged the absence of user 
companies, such as utilities, 
natural gas companies, banks 


t if [legislation 
is] what you 
want, | can promise 


ROBERT LISCOUSKI, DEPARTMENT 
OF HOMELAND SECURITY 





| and transportation firms, at 
| said the focus was to get tech- 


| the problem. 


is scheduled for next month, 


‘Support 


| cluding IBM, Hewlett-Packard 
| Co., Oracle Corp. and Com- 

| puter Associates International 
| Inc., last week said they don’t 

| plan to follow Dell’s turnabout 
| by reducing their reliance on 

| global support operations. 


| of product support services 

| never changed support loca- 

| tions because of user feedback, 
| plaints “from time to time in 


| But she noted that Microsoft 
| and deliberate manner. We 


| months ago launched a pilot 


~ NEWS 


IT Security Pros Confident of Defenses 


SANTA CLARA, CALIF 

Despite a significant increase in 
the number of reported security 
incidents over the past year, a 
survey released last week by two 
industry groups reveals a high 
level of confidence on the part of 
IT security professionals. 

As of the third quarter of 2003, 
public and private-sector organi- 
zations reported 114,855 inci- 
dents to the CERT Coordination 
Center in Pittsburgh. That’s an 
increase of 40% over last year, 
according to the survey by the 
Business Software Alliance 
(BSA) and the Information Sys- 
tems Security Association (ISSA). 

The survey results indicate that 
the increase hasn't dampened the 
confidence of many security ad- 


the summit’s debut. But he 


nology providers moving on 


A summit focused on infra- 
structure owners and operators | 


Continued from page 1 


ter in India [QuickLink 43172]. 
Other major vendors, in- 


Lori Moore, vice president 


at Microsoft Corp., said via 
e-mail that the company has 


although it does get com- 
each of our support centers.” 


sets up support facilities in 

new countries “in a thoughtful 
don’t rush into other markets.” | 
For example, Microsoft two 


program to support some of 
its products from a site in Ban- 





galore, India. However, Moore 


: ministrators, but whether that accu- 
: rately reflects the views of corporate 


security personnel is unclear. Of the 
1,716 ISSA members surveyed, 70% 
were from government agencies or 
IT vendor and services firms; only 
30% were corporate users. 

Released the same day that senior 
Officials from the Department of 
Homeland Security warned that un- 
wanted regulation would be the likely 
result if the private sector doesn’t 
take ownership of cybersecurity, the 
independent survey found that three 
out of four IT security administrators 
consider their companies to be pre- 
pared to defend against a major 
cyberattack. Eighty-seven percent 
said patches for known vulnerabilities 
are up to date at their companies. 

In addition, three out of four re- 


said Sally McDonald, the se- 
nior executive in charge of the 
DHS’s outreach program. 
Meanwhile, referring indi- 
rectly to a Computerworld re- 
port last week in which some 
industry executives criticized 
the role of powerful IT indus- 


said it plans to take a “very se- 
lective” approach on the pilot 


project. No companies with 


Premier Support contracts are 
being supported from the new 
facility, she added. 

Despite its pullback, Dell in- 


| dicated that it might eventual- 
| ly shift PC support back to In- 


dia. Glenn Bonner, CIO at Dell 
user MGM Mirage in Las Ve- 
gas, said providing technical 
support from offshore loca- 
tions “really doesn’t matter as 
long as the quality of service is 
the same and there is not a 
language barrier.” If Dell can 


| successfully serve users from 


India, “it’ll just serve to reduce 
Dell’s cost and ultimately give 
savings back to us,” he added. 

Tom Iannotti, vice president 
of business development at 
HP, said it doesn’t make sense 
for vendors to continually 
chase around the world for 
the lowest labor costs. That 
requires constant training of 
workers, not only in the tech- 
nical aspects of product sup- 
port, but in English-language 
skills as well, he said. 





spondents said recent reports of 


software vulnerabilities have prompt- 
: of the BSA, said that while the 


ed their companies to strengthen 
their capabilities to respond to at- 
tacks. Seventy-seven percent said 
they have a formal security program 
in place, and a whopping 96% of 
those respondents said their pro- 
grams have senior management 


www.computerworld.com 


sponsorship and approval. 
Robert Holleyman, president 


survey shows progress is being 


> made, “enormous challenges” 


remain, particularly in employee 


training and security funding at 


small and midsize businesses. 
~ Dan Verton 


SOURCE: ISSA/BSA SURVEY OF 1,716 IT SECURITY PROFESSIONALS 


try lobbying groups [Quick- 
Link 43189], Harris Miller, 
president of the Arlington, Va.- 
based Information Technology 
Association of America, said 
those comments were erro- 
neous and that the ITAA and 
other vendor groups that co- 


IBM doesn’t have any help 
desk operations in India, but it 
does handle support calls from 
a global network of facilities 
in Atlanta, Toronto, Scotland, 
Australia and China, accord- 
ing to a company spokesman. 
IBM isn’t among the vendors 
that “pride themselves on do- 
ing things cheaply,” he added. 

Kirkland, Wash.-based vCus- 
tomer Corp. operates a pair of 
technical support outsourcing 
centers in India with a total of 
about 2,500 customer service 
workers and 700 other em- 


Offshore Tips 


ee Crem ers c eel 
products that are supported 
from overseas facilities should: 


Pei earn lla 
rics, such as the percentage 
Ce ume lem eer) 
on the first call. 


m Ask to see third-party cus- 
mre al ie 


m Evaluate call center training 
programs and the language 
STROM) el0)e Gi Tet clam 


sponsored the summit have no 
lobbying power over the DHS. 
Liscouski echoed that claim. 
“We're not going to let any- 
| body who operates [a busi- 
| ness] dodge their responsibil- 
| ity,” he said. “This is not about 
| mollifying industry.” © 43338 


ployees. Sanjay Kumar, the 
company’s CEO, defended 

the quality of service that his 
India-based support techni- 
cians provide but acknowl- 
edged that their accented Eng- 
lish can be hard for U.S. users 
to understand at first. 

“To the user, it’s a new ac- 
cent, a different one,” Kumar 
said. However, he added that 
vCustomer spends “thousands 
of dollars” per agent on com- 
puter training and to “help 
neutralize the accent.” (Kumar 
isn’t related to CA’s CEO, who 
shares the same name.) 

Several analysts said they 
view the offshore sourcing 
of support as a trend that 
won't go away. But IDC analyst 
Ned May noted that the hard- 
ware success Dell has reaped 
through tight-fisted manage- 
ment of its supply chain does 
not necessarily translate into 





the more people-based sup- 
port business. @ 43340 


Reporters Matt Hamblen, Carol 
Sliwa and Marc L. Songini con- 
tributed to this story. 
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IT Hiring Plans Vary, Despite 
Signs of Demand for Workers 


Tech recruiters cite 
heightened jobs activity 





BY THOMAS HOFFMAN 
With the U.S. economy picking up 
steam, some recruiters are seeing a 
rise in demand for technology work- 
ers. But several IT managers who were 
interviewed in late November said 
they have a mix of hiring plans. 

Following a series of hirings earlier 
this year, Choice Homes Inc. has as 
many IT staffers as it expects to need 
for the next six months, said Andrew 
Brimberry, director of information ser- 
vices at the Arlington, Texas-based 
home builder. 

Choice Homes 
added a database ad- 
ministrator, a WAN 
technician and two 
help desk administra- 
tors to help support an 
expansion of its IT in- 
frastructure that was 
fueled by revenue 
growth. With those ER 
jobs filled, Brimberry pie ail 
said he doesn’t see any 44% 
need to further expand 
his 24-person IT staff. 

The hiring situation 
is similar at Emcor 
Group Inc., but for dif- 
ferent reasons. Nor- 
walk, Conn.-based 
Emcor makes electrical 
and mechanical systems for commer- 
cial construction uses and offers a vari- 
ety of facilities-related services. But 
unlike Choice Homes, which has bene- 
fited from continued strength in new 
housing starts, Emcor has been hurt by 
weakness in the commercial sector. 

That’s the main reason why Emcor 
plans “little to no growth in staff” 
within its IT department and has only 
a handful of major technology initia- 
tives in its 2004 budget, said CIO 
Joseph Puglisi. 

On the other hand, PRG-Schultz In- 
ternational Inc. plans to increase its IT 
staff by more than 10% next year. CIO 
Eric Goldfarb said the Atlanta-based 
company, which does auditing work to 
help corporate clients identify over- 
payments to their suppliers, will add 
20 domestic and international IT 
workers to its current staff of 185 to 
support increasing customer demand. 

“But I think the trend this upcoming 


SOURCE. DICE INC.. NEW YORK 


a . sess hiring by vertical 
allel aU industry. But Melland 


When do you think you ’e Wish c} 
will increase your hiring of company’s Web site 
IT workers? 


| year is for highly specialized talent,” 
| Goldfarb added, citing PRG-Schultz’s 
need for experienced IT professionals 
with ERP skills as an example. 

According to New York-based Dice 
Inc., 72% of the 263 human resources 
managers and recruiters who respond- 
ed to an e-mail survey in August said 
they planned to increase their hiring 
of tech workers within either three or 
six months. “This is a huge difference 
from the survey we conducted last 
year,” said Scot Melland, president and 
CEO of Dice, which operates an online 
job board for tech workers. 

The new survey didn’t explore the 
types of positions that are in greatest 

demand, nor did it as- 





said an analysis of his 


shows that demand re- 
mains strong for “tradi- | 
TES tional, hard-core IT po- 
I sitions,” such as Unix 
28% systems administrators 
Wetted and Oracle and SQL 
es Server database admin- 
15% istrators. 

The industries that 
are doing the most hir- 
ing include aerospace 
and defense plus finan- 
cial services, Melland 
added. 

Unemployment rates 
remain high among IT 

workers compared with historical lev- 
els. The Commission on Professionals 
in Science and Technology, a Washing- 
ton-based nonprofit group that does 
research on workforce and educational 
issues, said in a report released in Sep- 
tember that 6% of IT professionals 
were out of work. The group added 
that the overall number of IT jobs has 
declined by 150,000 from its peak of 2.5 | 
million in 2000 [QuickLink 41519]. 

Conditions in the IT job market 
“have been very trying for the past two 
years, but things have picked up a lot 
since August,” said Jim Tobin, a senior 
technical recruiter in the Rochester, 
NY., office of staffing services pro- 
vider Manpower Inc. @ 43279 
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BEA, IBM Team on New Java Specs | <= sensrision 


which Sun Microsystems Inc. 
BY CAROL SLIWA up to propose three Java speci- | | The two companies pub- set up to evolve its Java tech- 
BEA Systems Inc. and IBM, fications in a bid to further the | lished the specifications late nology. Voting by JCP mem- 
rivals in the application server | cause of application consisten- | last month and submitted bers on whether to accept the 
software market, are teaming cy and portability. them under royalty-free terms | specifications began last week, 
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and the results are due to be 
announced on Dec. 16. 

Perhaps the most significant 
specification for corporate de- 
velopers is one called Service 
Data Objects. SDO aims to 
provide a simple, unified pro- 
gramming model for accessing 
data from heterogeneous sys- 
tems, including relational 
databases, XML-based data 
sources, Web services and 
enterprise applications. 

Nick Gall, an analyst at 
Meta Group Inc., said many of 
his clients are grappling with 
the problem of providing uni- 
form access to structured and 
unstructured data. “This has 
been a never-ending challenge 
for all application architec- 
tures,” Gall said, calling it an 
issue for both Java and Micro- 
soft developers. 

BEA and IBM also pub- 
lished a pair of application 
programming interfaces. One 
is designed to let applications 
based on J2EE schedule work 
to execute concurrently, and 
the other supports the sched- 
uling and receipt of timer 
notifications. 


Allow for Feedback 

Scott Dietzen, chief technolo- 
gy officer at BEA, noted that it 
can take one to two years for a 
Java specification to become a 
formal standard. But he said 
that by publishing the new 
specifications and implement- 
ing them in BEA’s WebLogic 
and IBM’s WebSphere soft- 
ware, the companies and other 
JCP members will be able to 
get more feedback from the 
marketplace. 

“We clearly tried to stream- 
line this process and help it 
along from an adoption stand- 
point,” said Rod Smith, vice 
president of Internet emerging 
technologies at IBM. The spec- 
ifications will be supported in 
WebSphere next year, accord- 
ing to an IBM spokeswoman. 

Ted Schadler, an analyst at 
Forrester Research Inc., said 
BEA and IBM are trying to 
kick-start Java innovation in 
response to slow progress 
through the JCP. “I hope it 
works, because I think users 
could benefit from the pace of 
innovation that would hap- 
pen,” he said. @ 43157 
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ODDS ARE YOUR ANTIVIRUS, 
ANTI-SPAM, AND CONTENT FILTERING 
ARE NOT INTEGRATED AT THE GATEWAY. 


\E eat the odds with Trend Micro. 


\ Spam, viruses, and malicious behavior can all threaten your 
security. That's why Trend Micro, the global leader’ at the gateway, 
reated InterScan” Messaging Security Suite 5.5— a cost-effective 
integrated messaging security platform that combines antivirus, 
content filtering, and anti-Spam applications in one 
easy-to-manage, scalable solution. 


For a free evaluation, call 1.888.58.TREND 


or go to www.trendmicro.com 
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OPINION 


MARYFRAN JOHNSON 


‘Titanic Discontent 


DITORS ARE STICKLERS about finding the 
right word or turn of phrase. So I had to 
cringe a little at calling our recent annual 
Job Satisfaction Survey by its given name 


[QuickLink a3810]. “Job 
Dissatisfaction Survey” 
would have been a lot 
closer to the truth. 

Our online survey of 
936 IT staffers and man- 
agers yielded a gruesome NN) 
and depressing lineup of 
statistics, with 82% find- 
ing work more stressful, 

69% saying they’re not 
working to their full po- 
tential and 56% noting a 
drop in their satisfaction 
from a year ago. 

Those results weren’t all that sur- 
prising, really, when stacked up 
against the similarly dreary findings 
of our annual salary survey earlier 
this fall [QuickLink 41785]. That one 
documented shrinking pay scales, 
overloaded work schedules, worries 
about outsourcing and the continued 
negative impact of this industry’s re- 
lentless economic doldrums. 

Are your eyes glazing over yet? 
Mine, too. I can absorb only so much 
bad news in statistical form before it 
becomes just a stream of numerical 
white noise. And what’s happening 
on the job in IT these days mirrors 
the situation in so many other sectors 
of the economy — blue collar and 
white collar alike — that disgruntle- 
ment feels like the status quo every- 
where. More than half (51%) of the 
3,278 U.S. workers surveyed last year 
by Spherion Corp. and Harris Inter- 
active said they wanted to leave their 
current jobs. 

So, who cares? Who’s got the luxu- 
ry of time to worry about unhappy IT 
staffers or chronically stressed proj- 
ect managers? Once the economy 
starts to party again, these people 
problems will fade away like a New 
Year’s Day hangover, right? 

Fade away is right. To other jobs at 
other companies, as our “Already 
Gone” story in this week’s Manage- 


ment section contends 
(on page 47, and online 
at QuickLink 43001). 

Up to half of your over- 
worked IT managers and 
star players may be plan- 
ning an exodus as soon 
as an opportunity pre- 
sents itself. 

Worrying about an IT 
brain drain may seem 
pointless right now, when 
nobody’s going anywhere 
fast and the most robust 

growth industry seems to be offshore 


outsourcing. But all sorts of employee 


surveys are issuing warnings about 
this hulking iceberg of discontent 
drifting along menacingly below the 
IT workplace surface, ready to strike. 

Yet unlike all the other complex 
problems you're wrestling with, this 
one has two very basic, inexpensive 
solutions: 

1. Start some candid conversations 
about workplace concerns within your 
IT group. Your ability to talk about 
what’s on their minds could have 





an enormous, positive impact on 


| morale. “No matter how busy every- 


one is, you should be able to carve 
out just a little time to encourage 
discussions about what would im- 
prove conditions. Try taking small 
groups of staffers to lunch once a 
week to discuss their perspectives on 
how things are going,” recommends 
Paul Glen, one of our Management 
columnists [QuickLink 42356] and 
author of Leading Geeks: How to 
Manage and Lead the People Who 
Deliver Technology. 

2. Pay attention to and act upon what 
those conversations tell you. Can you 
cut back on overtime or put some 
lesser projects on the back burner? 
Can you build in more flexible work 
schedules or lighten workloads? “Em- 
ployees understand and can handle 
the fact that the economy is tough,” 
says Ed Jensen, a partner in the hu- 
man performance practice at Accen- 
ture, who’s been hearing firsthand 
about the “already gone” syndrome at 
IT client sites. “They want to feel part 
of the process and understand why 
decisions are being made.” 

Following this advice could help 
turn a dissatisfied crew into a more 
motivated one that will stay with you 
once the economy bounces back. Isn’t 


it worth a shot? @ 43271 








No, T HAVEN'T HEARP ABOUT 


ANT CHANGES IN THE ECONOMY 
SINCE YOU ASKED |S MINUTES Aco. 


CO yA 


res 





www.computerworld.com 


Saving 
Bandwidth 
And Britney 


URING A RECENT 

trip to the movies, I 

was greeted by Holly- 
wood’s not-so-subtle cam- 


paign to promote its view 

that video piracy is sucking money out 
of the pockets of stunt doubles (never 
mind the stars). It’s only a matter of 
time before music moguls warn me not 
to steal cash from Britney Spears’ fa- 
vorite Cartier salesclerk. 

The music industry is already wav- 
ing nasty letters in the faces of colleges 
and universities cautioning them to 
curtail piracy. Luckily there’s a tech- 
nology solution to the problem, which 
technology itself created. 

The technology that created the 
problem is high-speed Internet access, 
which is available 
throughout the cam- 
puses of most educa- 
tional institutions. 

Students and faculty 
members use the In- 
ternet for research 
and legitimate file 
sharing. There’s con- 
siderable competi- 
tion for the limited 
bandwidth. Add in 
less-than-legitimate 
downloads of music 
and video, and a lot of bandwidth gets 
chewed up. 

Jon Dodds, manager of network and 
tech services at Fairmont State College 
in Fairmont, WVa. (7,200 students, 450 
faculty members), wanted to take con- 
trol of his bandwidth. In the process, 
he has made sure that the school does 
its bit to promote compliance with 
copyright laws. He’s quick to point out 
this isn’t about censorship; it’s about 
using resources effectively. 

His quest led him to Bakersfield, 
Calif.-based Lightspeed Systems Inc. 
His initial success with the 30-day 
evaluation copy of the company’s 
bandwidth management product led 
him to buy it. 

“We started by doing bandwidth pri- 
oritization between the dorms and the 
main campus,” Dodds says. 

During business hours, campus con- 
nections have priority over dorm use, 
and Dodds can filter out certain IP ad- 
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dresses, block some peer-to-peer traf- 
fic and even segregate dorms by sub- 
net. Using the graphic capabilities of 
the package, Dodds is able to see 
which protocols are using the most 
bandwidth and then allocate band- 
width as needed. 

He uses the two servers that run the 
bandwidth management software in an 
array for fail-over protection, ensuring 
continuous connection to the network. 
Dodds even tests new configurations 
on one of the servers’ arrays before 
promoting it to the primary array. 

Prior to implementing the band- 
width management setup, Fairmont 
was considering purchasing additional 
bandwidth. That’s now been shelved. 

And as for pulling the plug on illegal 
music and video downloads, well, let’s 
just say Britney can shop to her heart’s 


content. @ 43186 


THORNTON A. MAY 
Disconnecting 
IT From 


Reality 


N THE PAST 60 DAYS, I 

have been knees-under- 

the-table with hundreds of 
IT leaders and scratch-and- 


sniff close to scores of vendor 
CEOs. In addition, I’ve attended more 
than my share of IT events. One of 
them, Comdex, brought together the 
ideas that have been swirling about me 


for the past two months, with frighten- | 


ing clarity. 

We stand at a moment unprecedent- 
ed in the evolution of IT. I use the 
word unprecedented because at no pre- 
vious time in history has technology 
possessed more promise or its value 
been so seriously doubted. The doubts 
could overwhelm the promise, how- 
ever, since two vast disconnects imper- 
il our possibilities. 

Disconnect No. 1: Despite being anoint- 
ed by the mainstream media, Bill Gates, 
Windows and Microsoft aren’t the fu- 
ture of our industry. 

On Nov. 16, some 7,000 IT leaders 
streamed into the Aladdin Theatre in 
Las Vegas to hear what Gates had to 
say in his Comdex keynote speech. Yet 
barely half of the audience members 
were able to remain conscious through 
what may well have been the worst 
piece of oratory ever inflicted upon the 
technology industry. (In my row, half 
the people were asleep.) 


OPINION 


It wasn’t just a matter of 
Gates’ skills as a speaker, 
but also of the ideas he was 
presenting. 
Still, the mainstream press 
equates Microsoft with the 
future of our industry. For 
example, Steven Levy and 
the editors at Newsweek — 
known more for color-by- 
numbers linear thinking 
than strategic insight — re- 
cently devoted a cover story 
to Gates in which he talked 
about the future of comput- 
ers. In doing so, they did 
both journalism and IT a disservice. 
Even a modest bit of reporting would 
have revealed that most of the $6 bil- 
lion that Microsoft is spending on R&D 
is focused on protecting existing prod- 
uct lines rather than on creating new 
franchises. Microsoft’s strategic weak- 
ness is its repeatedly demonstrated in- 
ability to generate sustainable busi- 
nesses outside its core competence of 
operating systems. 


Disconnect No. 2: People 
believe Scott McNealy, but 
they scoff at their local Sun 
Microsystems sales reps. 

Thirteen hours after 
Gates’ Comdex speech, 
McNealy gave his. What 
followed was a brilliant, 
no-props-required tour de 
force explanation of where 
the industry has been and 
where we are going. 

Later, the 200-plus C-lev- 
el attendees at the Comdex 


CIO Boot Camp were asked | 


whether they more ad- 


software architect or Sun’s CEO. The 


| answer was unanimous for Sun’s boss. 


Herein lies the disconnect. McNealy 
and his senior team are spooky smart 
and have thought hard and long about 
how our industry works. The top 


| of the house at Sun has architected 


a plausible, affordable and practical 
alternative path to the Microsoft 


| hegemony. 
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Unfortunately, this message isn’t the 
one being delivered by the Sun sales 
force, which is perceived by most IT 
leaders as being little more than coin- 
operated box sellers. Sun’s sales force 
is the least influential and respected of 
all the major vendors. 

Prior to pulling out the order form, 
Sun salespeople need to channel the 
powerful ideas of their leader and re- 
connect themselves to the market- 
place. They need to articulate what 
McNealy’s big ideas mean for worka- 
day IT leaders. 

If Microsoft can jettison its addic- 


| tion to and fetish with Windows and if 
mired the thinking of Microsoft’s chief | 


_WANT OUR OPINION? 


Sun can escape the parochialism of its 
sales force, we might see a tech boom 
that makes the dot-com era pale in 
comparison. If not, doubts about IT’s 
value will continue to grow, to the 


detriment of us all. @ 43185 





More columnists and links to archives of previous 
columns are on our Web site 


| www.computerworld.com/columns 





Indiana’s Choice 


Editor’s note: The news that 
the Indiana Department of 
Workforce Development 
had signed a deal with Tata 


America International Corp. 


that could have resulted in 
as many as 65 IT staffers 
from India being brought in 
to work on a project un- 
leashed a flood of letters, 
both before and after the 
state rescinded the contract. 


HAT’S AT ISSUE is not 
whether the contracting 
process was fair, but whether this 
should be allowed [“Job Agency 
Hires Foreign Help,” QuickLink 
42838]. It would have been cre- 
ative of someone in the Indiana 
state government to search through 
its unemployment lists and put to- 
gether a team made up of unem- 
ployed IT workers. But people 
aren't paid to think; they're paid to 
get the lowest cost. 
Jim Tennyson 
Independent consultant, 
Xcel Systems Inc., 
New Jersey, Jim.Tennyson@ 
Xcelsystems.com 


ORE POWER to Republican In- 
diana state Sen. Jeff Drozda 


| and his legislation that would disal- 

| low such ridiculous maneuvers. A 

| state agency whose very purpose is 
| to assist state residents with finding 


| work to overseas firms. 


| Senior systems programmer, 
Port Ludlow, Wash., 
| ddenver@olypen.com 


| outsourced work are receiving un- 

| employment compensation from the 
| state. They should be given first op- 

| portunity at those jobs. Not only 

| would the state get the job done, but | 
| some people would come off of un- 
| employment rolls. 


| stop large corporations from send- 
| ing jobs overseas, but we should be 


| cies from doing it. 


| Saint Cloud, Fla. 





aaa 


employment should not be sending 


Dan Denver 


DDS ARE that hundreds of peo- 
ple who are qualified for the 


Every government agency should 
be required to include some type of 
“local workforce” requirements in 
contracts. We may not be willing to 


able to stop our government agen- 


John Schoettl, CISSP 


00D JOB, Gov. Kernan [“Em- 

ployment Agency Scuttles India 
Contract,” QuickLink 43167]. As an 
IT employee who is constantly see- 
ing IT workers’ livelihood shipped 





| Ind., when Joe Kernan was mayor. 
| He did an outstanding job there, and | 
| itlooks like his great work is contin- | 
| uing at the statehouse. 
| Edwin Shaffer 


| manager, Chicago, 


| and the timely delivery of individual 
| orders. This is an outstanding ex- 


| an overabundance of irrelevant in- 


overseas or overtaken by overseas 
workers, it's refreshing to see some- | 
one in gevernment who is con- 
cerned ahout the thousands of un- 
employed U.S. workers. | had the 
pleasure of living in South Bend, 


Data center production 


e_f_shaffer@hotmail.com 


| daily management reports do pro- 


vide valuable updates on the per- 
formance of the organization, but 


| they should be provided only to 
| those who are responsible for the 


management of that particular facet 


| of operations - a sales manager, 


for example. 
Of course, if this implementation 
of the Macola Enterprise Suite en- 


| abled Davis to eliminate its sales 
| manager, transfer sales manage- 
| ment responsibility to the CEO, and 


in doing so improve both sales force 


| efficiency and executive leadership 


Eye-opener 

HAVE DEDUCED why Neil Mont- 

gomery is scowling in the picture 
accompanying the article “Eyes 
Everywhere” [QuickLink 42407]. As | 
a midmarket CEO, he is receiving 
daily e-mail reports on the activity 
of individual sales representatives 


ample of an information system 
providing the wrong individual with 


formation. Are decisions being 
made on a daily basis by the CEO at 
Davis Controls that require this 
data? Are the outcomes achieved 
by the activity at Davis sparked by 
these decisions enhanced by the 
consideration of this data? These 





| effectiveness, please ignore my 
| previous paragraph. 


Nate Brandstater 

Assistant vice president, La 
Sierra University, Riverside, 
Calif., nbrandst@lasierra.edu 


COMPUTERWORLD welcomes 
comments from its readers. Letters 
will be edited for brevity and clarity. 
They should be addressed to Jamie 
Eckle, letters editor, Computerworld, 
PO Box 9171, 500 Old Connecticut 
Path, Framingham, Mass. 01701 

Fax: (508) 879-4843. 

E-mail: letters@computerworld.com. 
Inciude an address and phone num- 


| ber for immediate verification. 


For more letters on these and 
other topics, go to 


| www.computerworld.com/letters 
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ONE ATTENTIVE 


SAN SWITCH. 


THE CISCO MDS SAN SWITCH. Your Fibre Channel SAN solution may handle your workload now. But what about next month? 
Or next year? Is it time to hold true to a pure Fibre Channel environment or explore the option of an IP approach to SAN? Now you can 
choose both. Introducing the Cisco MDS family of switches. They grow. They adapt. They evolve. They offer Fibre Channel for high 
performance data center applications. FCIP and optical technology for distance. And iSCSI for scalability. Need to add a new application? 
Just add a new blade. Are you ready to take on the future of your data? You could be. Now. 


Cisco SYSTEMS 


Visit cisco.com/san to learn more. 


THIS IS THE POWER OF THE NETWORK. NOW. 





INTRODUCING 


THE FASTEST WAY TO MAKE YOUR 


APPLICATIONS 


Imagine your applications — both legacy and 
new — performing together as an ensemble. 

That vision can become a reality surprisingly 
quickly with Ensemble, the comprehensive inte- 
gration platform with all the functionality you 
need to rapidly complete any type of integration 
project on deadline and on budget. Even complex 
projects you may have struggled with in the past. 

With its unique fusion of powerful technologies 
for application integration, development, deploy- 
ment, and management, Ensemble enables 
extremely fast integration and rapid development 
of “composite applications” — new business 
solutions that integrate data, orchestrate business 


InterSystems 


processes, and enhance the value of legacy applica- 
tions. You'll see real-world evidence of this in the 
customer testimonial section of our web site.* 

Ensemble is exciting new software from 
InterSystems. Over the past twenty-five years our 
high performance products have been deployed 
in more than 100,000 mission-critical systems 
around the world. 

We’re so confident that Ensemble is drama- 
tically faster than any other integration technology, 
we’ll be happy to begin our partnership with you 
by conducting a pilot project. To pursue this, 
contact us at: 
www. InterSystems.com/Ensemble/Pilot 


Es ENSEMBLE 


Integrate Applications Faster 


*Read how companies like yours have integrated applications faster with Ensemble: www.InterSystems.com/Ensemble/Customers 
If you are a System Integrator in need of a rapid integration platform, come to www.InterSystems.com/Ensemble/Partners 





12.08.03 





TECHNOLOGY 


SECURITY MANAGER’S JOURNAL QUOTE OF THE WEEK 

Toys for techies are gone from enterprise 
IT budgets, but technology investment is 
essential if companies are to move ahead or 
even keep up with the competition. 


Columnist Tommy Peterson, page 44 


FUTURE WATCH 

The New Internet 

Researchers say PlanetLab promises 
a faster, more reliable and more se- 
cure Internet, but it will take years 
to accomplish. Page 36 


Single Sign-on Effort Falls Short | 4 


When Mathias Thurman’s company 

merges its directories and moves toward 
a single sign-on system, the implementa- 
tion has some undesired effects. Page 40 





Some six months after 
its launch, early adopters 
and consultants give 
Windows Server 2003 

a thumbs up for turning 
many services off by 
default, but security 
concerns still remain. 

BY CAROL SLIWA 


HERE ARE GOOD reasons 
why expectations have 
run higher for Windows 
Server 2003 from a se- 
curity standpoint than 
for any prior edition 
that Microsoft Corp. has 
released. 

With its April launch, Windows 
Server 2003 became the first operating | 
system to ship since Microsoft com- 
menced its much-touted Trustworthy 
Computing initiative in earnest, after 
Chairman Bill Gates sent the compa- 
ny’s employees a memo in January 
2002 telling them that security would 
be the “highest priority.” 

Soon after Gates issued the memo, 
Microsoft shut down Windows produc- 
tion for 10 weeks to train engineers in 
writing secure code. The company de- 
layed Windows Server 2003 for rough- 
ly a year, in part to allow more time for 
intensive source-code analysis, threat 
modeling, penetration testing, buffer 
overrun checks and security audits. 

The natural question becomes this: 
Is Windows Server 2003 living up to 
its billing? Some say no. More say it’s 
too early to tell. 


Better Security by Default 


Early adopters, analysts and consul- 
tants agree that Microsoft has made 
improvements — most notably, dis- 
abling many features and functions in 
the default install to reduce the surface 
area available for hackers to attack. In- 





ternet Information Server 6.0, for in- 


stance, is turned off by default. And 
overall, Microsoft shut off or reduced 
privileges for more than 30 services in 
Windows Server 2003. 

“You design the role of the server 
and turn on only things appropriate to 
the task at hand. That is the greatest 
security feature we’ve seen and taken 
advantage of in Windows Server 2003,” 
says Scott Campbell, director of IT op- 
erations at First American Title Insur- 
ance Co. in Santa Ana, Calif. The com- 
pany is currently certifying applica- 
tions to run on Windows Server 2003 
in preparation for a gradual rollout to 
172 servers. 

But early adopters have yet to reach 
a verdict when judging the new operat- 


| ing system from a vulnerability stand- 


point. Most have neither tested nor de- 
ployed Windows Server 2003 at large 
scale or in a wide enough range of sce- 
narios to tell just how solid it is. 

“We want to see at least two quar- 
ters’ worth of data — and I don’t care 
about patches. I want to see the pene- 
tration test results,” says Jeremy 
Lehman, a senior vice president who 
heads the technology group at New 
York-based Thomson Financial, which 
has migrated about 20 servers to Win- 
dows Server 2003. 

Some security experts are already 
dubious. They point out that some of 
the vulnerabilities affecting older Win- 
dows operating systems also plague 
Windows Server 2003, as demonstrated 
through patches that have been issued. 

Continued on page 32 
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Visit ibm.com/pc/safecomputing periodically for the latest information on safe and effective computing. Warranty Information: For a copy of applicable product warranties, write to: Warranty Information, P.O. Box 12195, RTP, NC 27709, Attn 
Dept. JDJA/B203. IBM makes no representation or warranty regarding third-party products or services. *Prices do not include tax or shipping and are subject to change without notice. Reseller prices may vary. ‘Requires download of client software 
Mobile Intel Pentium processors feature Intel SpeedStep® technology. With Intel SpeedStep, processor speed may be reduced to conserve battery power. °11a, 11b and 11g wireless is based on IEEE 802.11a, 802.11b and 802.11g, respectively. An 
adapter with 11a/b, or 11a/b/g can communicate on either or any of these listed formats respectively; the actual connection will be based on the access point to which it connects. ‘Software may differ from its retail version (if available) and may not 

user manuals or all program functionality. License agreements may apply. °For hard drive, GB = billion bytes. Accessible capacity is less; up to 4GB is service partition. “Includes battery and optional travel bezel instead of standard optical 


drive in Ultrabay bay, if applicable; weight may vary due to vendor components, manufacturing process and options. Thinness may vary at certain points on the system. ‘Support unrelated to a warranty issue may be subject to additional charges. 
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With the best data protection available on a wireless notebook, you can 
work where you like. Knowing there’s a power looking out for you. 


It's easy to work wirelessly when you choose the exceptional performance of these IBM 
ThinkPad? notebooks with Intel® Centrino™ mobile technology. You'll also get the most 
secure PCs available. Because IBM builds in an extra layer of protection on select models 
for passwords and documents, making it extremely tough for the unauthorized to access 
your vital data. No one else offers this level of hacker-resistant hardware and software 
ao as a standard feature. So feel free to go where the mood takes you. We'll be right 


426-0004 | ibm.com/shop/m588 


Save on shipping. Order online? 


These services are available for machines normally used for business, professional or trade purposes, rather than personal, family or household purposes. Service period begins with the equipment date of purchase. If the machine problem turns 
out to be a Customer Replaceable Unit (CRU), IBM will express ship the part to you for quick replacement. Onsite 24x7x2-hour service is not available in all locations. For ThinkPad notebooks requiring LCD 
may choose to perform service at the depot repair center. "Standard shipping included when you order online. U.S. only. IBM reserves the right to alter product offerings and specifications at any time, witho e. IBM is not responsible for 
photographic or typographic errors. All IBM product names are registered trademarks or trademarks of International Business Machines Corporation in the U.S. and other countries. Lotus and SmartSuite a Stered trademarks of Lotus 
Development Corporation, an IBM company. Intel, Intel Inside, the Inte! Inside logo, Inte! Celeron, Intel Centrino, the Intel Centrino logo and Pentium are trademarks or registered trademarks of Intel Corpor 
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Continued from page 29 

“T still give them an F,” says Russ 
Cooper, surgeon general at TruSecure 
Corp. in Herndon, Va. “We keep getting 
examples of how nothing’s changed.” 

But where some see a black cloud, 
others see a brighter horizon. Micro- 
soft CEO Steve Ballmer noted this fall 
during keynote presentations that 
Windows Server 2003 had four critical 
vulnerabilities at the 150-day mark, 
compared with 17 for its predecessor at 
the same stage. “It’s insufficient, but 
it’s real improvement,” he says. 

The total vulnerability count was 32 
for Windows 2000 and 14 for Windows 
2003, according to Mike Nash, vice 
president of Microsoft’s security busi- 
ness unit. Nash notes that certain vul- 
nerabilities rated critical for some 
products are moderate for Windows 
Server 2003 because of its more secure 
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default configuration. He adds that the 
vulnerability comparison to Windows 

2000 is fair, since there are more peo- 

ple scrutinizing the product than there 
were three years ago. 

But Marc Maiffret, co-founder and 
chief hacking officer at security services 
vendor eEye Digital Security Inc. in Al- 
iso Viejo, Calif., doesn’t view the statis- 
tics that Microsoft has put out — or sta- 
tistics from any vendor — as a credible 
gauge. He says some vendors may ne- 
glect to mention that some advisories 
address multiple vulnerabilities, or they 
may silently address a collection of 
vulnerabilities via a service pack. “I’ve 
never seen anyone do a valid break- 
down on the numbers. Everyone seems 
to have some type of agenda,” he says. 

And Tom Bittman, an analyst at 
Gartner Inc., says Windows 2000 Serv- 
er was a “monster release,” so it’s not 
surprising that its vulnerability count 
was higher in the first 150 days. In con- 
trast, Windows Server 2003 is an incre- 
mental release, he says. “The billing 
was Trustworthy Computing, the most 
secure operating system. The impres- 
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| sion people took away is we would see 
| a dramatic improvement,” Bittman 
says. “This is a battle they cannot win. 
All they need is one dangerous securi- 
ty problem out there, and it'll look like 
| they haven't solved their problem.” 


| New Security Features 


Microsoft introduced a collection of 
features and enhancements to help im- 
prove security in Windows Server 
2003. Administrators who use public- 
key infrastructure services, for in- 
stance, will be able to automatically 
enroll and renew certificates. They will 
also be able to control access to re- 
sources based on an employee’s role 
and set policies to prevent executable 
programs from running on computers. 

Michael Stephenson, a Windows 
Server group product manager, says 
another helpful new feature that 
shipped with a resource kit, the net- 
work access quarantine service, lets 
users check the state of computers ac- 
cessing the network and block VPN ac- 
cess if necessary. 

Yet no matter how many security en- 
hancements the new server operating 
system has, early users most frequently 
mention the new default settings that 
lock down services that might be vul- 
nerable to attack. 

Instead of knowing how to turn ser- 
vices off, IT shops now have to learn 
how to turn them on, says Bob Lam- 
oureux, chief architect at Thomson Fi- 
nancial. He says the process isn’t diffi- 
cult, although it doesn’t hurt to check 
out the installation guides beforehand. 

Although some early adopters think 
Microsoft did a good job with the new 
default settings, TruSecure’s Cooper 
still doesn’t think enough services are 
turned off. Internet Explorer, for in- 
stance, is enabled at a high security 
level in Windows Server 2003 for serv- 
er administration purposes, 
| but Cooper questions why 
the Web browser is enabled 
at all. “I need to know that I 
don’t need to reboot my 
mission-critical server be- 
cause of the latest IE cumu- 
lative update,” he says. 

Other features that Cooper thinks 
should not be on the box include Out- 
look Express, Media Player and Re- 
mote Assistance — “just all these tools 
that are unnecessary for a server and 
have been exploited in the past.” 

Cooper says he conducted a study at 
the end of July and found that almost 
every vulnerability affecting Windows 
2000 Server also affects Windows 
Server 2003. “This certainly doesn’t 
bode well for all the extra work Micro- 








KEY CHANGES 


To learn about key security 
improvements in Windows 
Server 2003, go online 


@ QuickLink 43103 
www.computerworld.com 





soft claims to have put into the code 
base,” he says. 

Gartner’s Bittman says he thinks Mi- 
crosoft will eventually have to consid- 
er a complete Windows code rewrite. 
“It’s a lot easier to design secure code 
from Square | than it is to go back and 
find possible holes,” he says. 

It has certainly been a source of frus- 


tration for Microsoft to learn of bugs 


that date back to Windows NT 4.0. 
Steve Lipner, directory of security en- 


| gineering strategy at Microsoft, says 


the company is, in come cases, finding 
new vulnerabilities in old code, includ- 
ing new patterns of buffer overruns. 

Lipner says Microsoft does a post- 
mortem to determine the cause of 
every vulnerability, trying to find out if 
it occurred because of a process error, 
a technology problem or a program- 
mer’s mistake. “Then we’ll respond ap- 
propriately to try to update what we 
do and how we do it to make sure that 
our customers don’t suffer through the 
cost of that problem again,” he says. 

But some users are growing frustrat- 
ed. David Bryant, senior information 
security engineer at St. Petersburg, 
Fla.-based Raymond James Financial 
Inc., which has migrated about 25 of its 
500 Windows servers to the new oper- 
ating system, says he’s concerned that 
the buffer overflow problems of prior 
Windows versions affect the latest iter- 
ation as weil. He says he fears that Mi- 
crosoft may be depending on users de- 
ploying firewall technologies to secure 
its software, rather than focusing on 
writing secure code. 

“I’m disappointed that it appears 
that Server 2003 will again be an OS 
that I can count on for several critical 
patches every month,” he says. 

Maiffret at eEye says it will take an- 
other six months to determine whether 
the vulnerabilities that have surfaced 
are flukes or signs of more to 
come in Windows Server 
2003. But the early appear- 
ance of default remote sys- 
tem vulnerabilities — “the 
most severe type of vulnera- 
bility you can have in a Win- 
dows operating system” — has led him 
to conclude that Windows Server 2003 
is not substantially improved security- 
wise and that companies with large 
Windows 2000 Server installations will 
find no cost justification to migrate. 

Users of Windows NT 4.0 will be 
more compelled to move, although se- 
curity may not be the driving factor. 
Steve Yeager, vice president of infor- 
mation systems at WestAmerica Mort- 
gage Co. in Oakbrook Terrace, IIl., says 
his company was in growth mode and 
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needed to upgrade its aging NT 
servers. The new security features 
were simply a “side benefit,” he says. 
Gartner analyst John Pescatore 
views Windows Server 2003 as a major 
leap forward, and he estimates that, in 


| the long run, it will have fewer critical 


security flaws than Windows 2000. He 
notes that Gartner originally advised 
clients to wait 18 months to deploy the 
new operating system but has now re- 
duced that by six months. 

Some organizations may want to 
wait for security improvements that 
are on the way. Ballmer recently out- 
lined new technologies that will help 
to lock the memory so worms and ex- 
ploits can’t write into “bad pieces of 
memory after a buffer overrun prob- 
lem.” New perimeter inspection tech- 
nologies and role-based security con- 
figurations are due in the second half 
of next year with the first service pack 
for Windows Server 2003. 

“Microsoft has made some signifi- 
cant advances in the security of Server 
2003,” says Bryant, “but it still needs 
more work.” @ 42985 


Computerworld’s Jaikumar Vijayan 
contributed to this story. 
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underground storage facility sounds so very 1950s, 
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systems have stoked the demand for Iron Mountain’s 
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HE DRIVE FROM the 
Pittsburgh airport to the 
secret underground fa- 
cility winds through 
rolling Pennsylvania 
farmlands and woods, 
past quaint old churches 
and through tiny towns 
that time has overlooked. The access 
road to the site is unmarked, but writ- 
tend 7 to turn left just after 
a certain picnic shelter. 

A guard stops the car and searches 
it. Satisfied that the visitors don’t have 
weapons, cameras or tape recorders, 
he advises driving forward to the next 
checkpoint and honking the horn. 
There, at the mouth of an old lime- 
stone mine, a massive metal gate 
grinds open, admitting the car to an 
underground guard post for more 
searches and interrogations. 

Just when it seems that every con- 
ceivable security measure has been at- 
tended to, a guard hands the visitors a 
fire extinguisher and says it must be 
carried in their vehicle wherever it 
might travel in the 20 miles of tunnels | 
that run through the mine. 

One might reasonably assume that 
this records-storage facility, owned by 
Boston-based Iron Mountain Inc 
just miles of tape racks and filing cabi- 
nets. It is that, but it also houses a 130- 
acre underground city, where 1,900 
people work for 110 companies and 


government agencies. It has its own 
data center, bus service, fire depart- 
ment and power plant, as well as a 
water system with a five-acre under- 
ground reservoir. 

The facility is a vast catacomb 200 
feet below the surface, where electric 


| golf carts scurry among mostly un- 


marked rooms and vaults with cli- 


| mates tailored for the treasures they 


house — paper documents, digital 
magnetic media, microfilm, video and 
audio tapes, photographs, original 
prints of Hollywood films, human tis- 


sue samples and things Iron Mountain 
won't tell you about. The exact loca- 
tion of this, the largest underground 
storage facility in the world, is re- 
vealed only on a need-to-know basis. 
Digging at the mine began in 1902. 
It produced limestone for U.S. Steel 
Corp.’s nearby mills until it was aban- 


Paper records and magnetic media no longer have to be trucked into 
lron Mountain's underground facility. Now, digital archives can be 
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doned in 1950. Four years later, a com- 
pany Iron Mountain later acquired con- 
verted it into an atomic bomb shelter 
for customers’ vital records and, if nec- 
essary, customers’ executives. 

Over the ensuing decades, Holly- 
wood studios sent their precious origi- 
nal films there for long-term storage, 
federal agencies sent sensitive records 
and the people who created them there 
for secrecy and safety, and corpora- 
tions sent their vital paper records 
there for archiving. Not much changed 
over those years. 


New Rules 

Then came the scandals on Wall Street 
— at Enron, Arthur Andersen, World- 
Com and dozens of other companies. 
Congress, the U.S. Securities and Ex 
change Commission and the st 
exchanges reacted with a raft of new 
record-keeping and archiving rules 
and regulations, while employees, 
shareholders and customers unleashed 
a torrent of litigation. 

Even in situations where no legal re- 
quirement for archiving exists, judges 
in corporate governance lawsuits are 
demanding backup files of electronic 
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records, most notably e-mail messages. 


Companies that can’t produce them 
often settle the suits on unfavorable 
terms and sometimes pay stiff fines. 

In response to the resulting surge in 
demand for safe and secure digital 
records storage, Iron Mountain earlier 
this year opened a 5,000-sq.-ft. data 
center inside its secret underground 
facility. The data center includes 24TB 
of storage capacity and the equivalent 
of 1,586 Tl communication lines con- 
necting it to the world above. 

The $1.5 billion company also rolled 
out a digital records archiving service 
that customers can use to send the 
Pennsylvania facility document scans, 
e-mail and instant messages, financial 
records, Web content, images and 
anything else that can be put into 
digital form. 

So what was first a limestone mine 
and then a facility where companies 
shipped paper records and magnetic 
media to protect them from atomic 
blasts has been transformed once 
again, this time into a place where 
companies can send and retrieve their 
digital archives over private WAN 
links or through the Internet, bypass- 
ing the guards and the big steel gate. 

An IT vice president at a large New 
York brokerage, who asked not to be 
named, says his company sends Iron 
Mountain some 2 million e-mails and 
instant messages per week. The mes- 





Today, a data center in the former mine receives archival records over the Internet. 


sages flow continuously over two dedi- 
cated lines — one to a data center in 
Boston, the other to the Pennsylvania 
facility. The company has also set up 
an encrypted virtual private network 
(VPN) over the Internet as an emer- 
gency backup channel. 

The IT manager says Iron Mountain 
writes two copies of the brokerage’s 
message traffic to nonerasable WORM 
(write once, read many) media, in ac- 
cordance with a new SEC requirement. 
He says outsourcing the job met the 
company’s four goals: fast implementa- 
tion, distributed user access to ar- 
chived messages, good audit trails on 
user access and compliance with fed- 
eral regulations. 

Outsourcing message archiving was 
also attractive because it would have 
been too time-consuming and expen- 
sive to set up the WORM infrastruc- 
ture in-house and provide two separate 
physical facilities for media storage, 
the manager says. 

But he acknowledges that the 
arrangement carries with it some wor- 
ries. “You are entrusting very sensitive 
data to an external vendor, so that’s al- 
ways a concern,” he says. 

Digital records archiving is a logical 
function to outsource, says Alan Pelz- 
Sharpe, an analyst at the Boston office 
of Ovum Inc., an IT research firm. But 
even a company that specializes in 
archiving and uses state-of-the-art 





RECORDS MANAGEMENT: 


A NEGLECTED DISCIPLINE 


TRADITIONALLY, organizations have thought 
of records management as the cataloging and 
storage of inactive paper records. They may 
have document mariagement systems, where 
the emphasis is on author collaboration, docu- 
ment creation and publishing. But the fine 
points of archiving methods, retention sched- 
ules, physical storage, security, retrieval meth- 
ods and so on are often neglected or handled 
on an ad hoc basis. 

Issues surrounding the retention of elec- 
tronic messages, which companies typically 
haven't considered archivable records, can be 
especially troublesome. 

It's difficult and expensive to selectively re- 
trieve e-mails from tapes because the files 
aren't indexed, says Margaret Rimmler, a vice 
president at records-storage company Iron 
Mountain. And it's dangerous to keep too much 
information. “So a company has five years of 
backup tapes, and . . . they think they have this 
great records management program. But you 
know what? Those backup tapes are still dis- 
coverable, and they have everything on them,” 
she says. Keep records management and dis- 
aster recovery separate, Rimmler advises. “You 
set up your good records management pro- 
gram for e-records, then you set up your back- 
up tape rotation to be just for disaster recovery. 
Don't let the tapes just hang around like a lot of 
IT people do; put them on a 30-day rotation.” 

Commercial ERP and CRM systems typically 
don’t have records management and archiving 
capabilities that meet regulatory requirements, 


technology can’t address problems 
that occur before records can be cap- 
tured by a records management sys- 
tem. “Typically, the business processes 
are not in place, and some of the data 
is in paper, some is electronic, some is 
in attachments to e-mail, and guess 
what? They have no idea which is 
which and where it is,” he says. 


The Digital Archive 


In Iron Mountain’s system, a front-end 
processor running at its data center 
takes incoming records and applies 


| customer-supplied business rules that 


specify retention periods, adds tags to 
aid in information auditing and re- 
trieval, applies digital fingerprints and 
provides other records management 
and security functions. It writes the 
records to disk and later to tape, while 
creating a searchable index that’s ac- 
cessible by the customer via a Web 


| browser (see diagram). Destruction of 


records can occur automatically, based 
on customer-supplied rules, or by cus- 
tomer command. 


| THE NEW RULES OF STORAGE 


Rimmler says. Until they do, she says, users will 
need add-on products such as IBM's Content 
Manager and Records Manager, FileNet 
Corp.'s Records Manager or Records Manager 
from the Documentum Inc. unit of EMC Corp. 

Many of the pitfalls associated with digital 
records management and archiving can be 
avoided by outsourcing the job to companies 
such as Iron Mountain, Recall Corp. or Zantaz 
Inc., says Patrick Gordon, a principal consul- 
tant at Compliant Systems Consulting LLC in 
Medfield, Mass. “The benefit is there’s a whole 
infrastructure you don't have to deal with,” he 
says. But, Gordon warns, “you still have fiducia- 
ry responsibility for that information. You . 
are giving up some control and taking on an- 
other level of risk when you outsource.” 

Deciding what to save is complicated by the 
fact that any given file, such as a word process- 
ing document, usually exists in six or seven 
places in a company's IT systems, says Alan 
Pelz-Sharpe, an analyst at Ovum. Moreover, 
companies lack the tools - and sometimes 
the will - to classify files as official business 
records to be archived or “garbage” that should 
be deleted as soon as possible 

But the biggest records management chal- 
lenge of all, according to Pelz-Sharpe, is this: 
“Nobody wants to do that work. It's boring, and 
there’s no ROI. You have CiOs and CFOs say- 
ing, ‘Well, | guess we have to do this because 
it's the law,’ but there’s absolutely no enthu- 
siasm for it.” 

- Gary H. Anthes 


The Digital Archive service, which 
costs about $12 per month per giga- 
byte, is a remote records management 
system that applies file-level logic and 
accessibility to information for compli- 
ance and other purposes. Iron Moun- 
tain offers a remote service called 
Electronic Vaulting for off-site bulk 
data protection for disaster recovery. 

For whatever purpose — disaster 
recovery, legal compliance or simply 
preserving corporate history — Iron 
Mountain’s old mine will receive more 
and more of its inventory electronical- 
ly, says the IT vice president at the 
New York brokerage. His firm is likely 
to move in that direction as it begins to 
bypass paper entirely. “Records will be 
digital to start with,” the IT manager 
says. “It will be a natural progression 


over time.” @ 43003 


Laws such as HIPAA and the Sarbanes-Oxley Act are 
forcing IT managers to re-examine their storage 
infrastructures: 
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The New 
Internet 


Researchers are building 
anew Net, one layer at a 
time. By Lucas Mearian 
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| Store, which is a utility-type 


ESEARCHERS develop- 

ing the next incarna- 

tion of the Internet 

say it will be faster, 
more reliable and more se- 
cure. Moreover, it will be self- 
aware and able to determine 
the best way to deliver data 
and services. 

The most prominent next- 
generation Internet project is 
PlanetLab, a research testbed 
that’s been in existence for 
about a year and a half. 
It consists of 160 
servers hosted at 65 
sites in 16 countries. 
The goal is for Planet- 
Lab to grow to 1,000 widely 
distributed server nodes that 
connect into the majority of 
the current Internet’s regional 
and long-haul backbones. 

“It’s a playground for new 
services. Depending on which 
service you're most excited 
about, that’s what PlanetLab 
will look like,” says Frans 
Kaashoek, a professor of com- 
puter science and engineering 
at MIT, a PlanetLab developer. | 

Kaashoek and other scien- 
tists are developing architec- 
tures that will automatically 
distribute data to multiple 
points around the globe in or- 
der to speed delivery and will 
have multiple network paths 
to ensure that data gets to its 
destination. The network will 
read data requests and direct 
them to the servers closest to 
the point of origination to ful- 
fill the requests. 

The challenge for scientists 
is to put intelligence into the 
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| network itself so it can under- 


stand the information that’s 


| being transported across thou- 
| 


sands of servers and millions 
of miles of cable. 

PlanetLab, which is up and 
running for the research com- 
munity, is a joint project being 
led by Intel Corp. and about 70 | 
university scientists around 
the world. 

Just as the Internet was an 
overlay network on top of the 
telephone network, 
PlanetLab provides 
for an additional layer 
on top of the Internet. 
In turn, services such 
as streaming media, peer-to- 
peer file sharing and video- 
conferencing will be layered 
on top of PlanetLab. 

One network layer atop 
PlanetLab is IRIS, or the Infra- 
structure for Resilient Inter- 
net Systems. IRIS promises to 





speed up searches and infor- 
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mation transfers by using a 
self-organizing, peer-to-peer 
overlay network to position 
data closer to end users and 
thwart denial-of-service at- 
tacks by balancing loads 
among Web servers. 

John Kubiatowicz, an asso- 
ciate professor at the Univer- 
sity of California, Berkeley, 
says IRIS is a radical depar- 
ture from the client/server 
model and application-specif- 
ic environment of today’s In- 
ternet because of its ability to 
spread data and rebuild it us- 
ing sophisticated algorithms. 

Kubiatowicz is also working 
on another layer to ride on top 
of PlanetLab, called Ocean- 


service for storing data across 
millions of servers. 


Backup Plan 


In OceanStore, Internet ser- 
vice providers and others 
would be paid to act as reposi- 
tories for the world’s informa- 
tion, which would be kept as 
multiple copies, protected by 
encryption and automatically 
rebuilt should any single stor- 
age point fail. 

“If you think about the clas- 
sic problem with archival stor- 
age, data resides on tape in 
some basement, and 10 years 
later you can’t read the tape,” 
Kubiatowicz says. 

“The only way data can be 
preserved over the long haul is 
if it’s separated from the physi- 
cal media it’s originally stored 
on. That means the places 
where it is stored must change 
over time,” he explains. 

OceanStore’s software does 


| that by breaking data into 
many tiny, encrypted parts 
and moving them across a vast 
array of Web servers that can 
be driven by policy engines to 
resave or move data to differ- 
ent formats over time. 

“You'd pay a monthly fee to 
a company to provide a stor- 
age service, and in turn, that 
data would be kept secure for 
hundreds of years, protected 
via encryption, and it could be 
accessed from anywhere in 
the world quickly because it 
would be cached locally,” Ku- 
biatowicz says. “Basically, 
you'd be able to plug into the 
wall and get storage.” 

Kubiatowicz says compa- 
nies could use OceanStore 
for routing data in-house to 
servers across their entire in- 
frastructures for greater re- 
dundancy and resiliency. 

Netbait is another layer 
running on the PlanetLab test- 
bed. Like a doctor tracking a 
new virus in the body in order 
to discover how to fight it, 
Netbait will be able to track 
worms and viruses as they 
appear and watch how they 
propagate, developing pro- 
files to help stop them in their 
tracks. 

“Tt’ll look at the way [a 
virus] is trying to penetrate a 
Web site. That would allow 
you to have an early warning 
of worm or virus behavior, al- 
lowing for faster diagnostic 
analysis and the ability to warn 
people about how to protect 
themselves from it,” says Kevin 
Teixeira, a spokesman in In- 
tel’s research division. 

While scientists are cur- 
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Aself-organizing, peer- 
to-peer overlay network to po- 
sition data closer to end users. 


rently using PlanetLab to dis- 
seminate research informa- 
tion, one of the most promis- 
ing aspects of the network for 
everyday users is its ability to 
provide multiple copies of 
data or video on servers 
throughout the world, closer 
to those requesting it. 

“There are more servers 
and more clever algorithms 
that know how to send data to 
the closest computer and 
cache it there,” Kaashoek says. 

The new Internet will un- 
fold over many years, he says. 

“Just as the telephone [net- 
work] emerged, this overlay of 
intelligent networks will grow 
and populate, and there'll be 
certain versions of it that peo- 
ple will eventually standardize 
on,” Kaashoek says. “In an 
evolutionary way, the Internet 
will upgrade itself over time.” 


@ 43089 





YOUR NEXT-GENERATION NETWORK 
COULD BE JUST A SWITCH AWAY 


More and more of your desktops, notebooks and servers are equipped with Gigabit Ethernet—but are your switches also ready for the 
increased demands of real-time business? Broadcom’s highly integrated Gigabit technology is designed to speed the cost-effective 
migration from Fast Ethernet to Gigabit Ethernet, end to end. That’s why the top 5 switch manufacturers turn to Broadcom when they need 
high-performance, field-proven Gigabit Ethernet chips' with advanced features like the industry’s only built-in, real-time cable 
diagnostics and correction. So whether you’re upgrading your entire enterprise, your remote offices or just select departments, Broadcom 
technology inside your switches gives you what you need to complete your next-generation network—today. 


To have a true next-generation network, you need to h 

Ethernet throughout your network, end to end. Wher 
upgrade your switches, look for Broadcom® technology to help you 
create that hassle-free network. Register for our new webcast 
“Network Infrastructure for the Next-Generation Real-Time Enterprise 

now at www.computerworid.gobroadcom.com/webcast 


Broadcom®, the pulse logo, Connecting everything® and the Connecting everything ’ eos ee ee 
fogo are trademarks of Broadcom Corporation and/or its subsidiaries in the United 

States and certain other countries. Ail other trademarks are the property of their 

respective owners 


Source: IDC, Network Qview, August, 2003 
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servers featuring Intel® Xeon” processors to network support products like PowerVault™ storage and PowerConnect” switches, Dell offers 
flexible, high-performance industry-standard technologies and software solutions that are just right for your particular business needs 

we'll help you every step along the way. Whether it's planning and design, testing and validation, systems management, or our 
award-winning 24x7 service and support, Dell will help you create an IT infrastructure that’s easy to choose, deploy and manage. So 


make life easy on yourself and get a big advantage over your competition—with a unique IT solution from Dell 


PC Magazine Editors’ Choice Award 
PowerEdge 1750 


—October 28, 2003 


Call: M-F 7a-8p Sat 8a-5p, CT 


Dell has a customized IT solution for your business, no matter what business you're in, or what size it is. From PowerEdge” 


Reliable servers that make 
managing your network easy 


File&Print Servers 


NEW POWEREDGE™ 400SC SERVER aaa asa Ta 


| Small Business Value Server 

| © Intel® Celeron® Processor at 2GHz 
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| 
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of Internal Hard Drive Storage 
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© Embedd 
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© 1-Yr Next 

@ Small Business Pricing 


Site Service 


$399 E-VALUE Code: atin 
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Hosting Servers diverse networks 
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| Multi-Use Tower Server 
is Intel® Xeon™ Processor at 2.40GHz 
© Dual Intel® Xeo ocessor Capable (Up to 3.20GHz) 
© 512MB 266MHz ECC DDR SDRAM 
© Upgradable to 6GB of SDRAM 
© 36GB (10K RPM) Ultra320 SC t 
© Active ID Bezel for Monitoring System Health 
© 3-Yr Next Business Day On-Site Service’ 
© Small Business Pricing 


$1799 


4-Way Servers 


Build a powerful, protected network 


as low as $49/mo., (46 pmts®) 
E-VALUE Code: 20259-S21217g 
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| High-Speed Mission Critical Tower Server 
© Inte!” Xeon” Processor at 1.50GHz 
© Quad Intel® Xeon™ Processor Capable (Up to 2.80GHz) 
© 512MB DDR SDRAM 
© Up to 32GB 266MHz DDR ECC SDRAM 
e Up 752GB Maximum | 
© Embedded Ultra SCSI Ade 
© Standar Swap Hard Driv 
Fans and Hot-Swap Re 


© 10 Hot-Plug PCI-X Slot 


| starting at 
$ as low as $107/mo., (46 pmts®) 
E-VALUE Code: 20259-$21239g 


| 1U Value Rack Server 


s $33/m s 
Code: 20259-S21211g 


POWEREDGE™ 1750* RACK SERVER 


Feature-Rich 1U Rack Server 
| © Intel® Xeon” Processor at 2.40G 


w as $55/mo., (46 pmt 
VALUE Code: 20259-S21220g 
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Network Switches 


Scalable, high-performance switches 
to enhance your network 


POWERCONNECT ™ 3324* SWITCH 


High-Performance Workgroup Switch 


$ 3s low as $14/mo., (46 pmt 
E-VALUE Code: 20259-S11204 


Solutions that fit. Easy as D@LL 


Click www.dell.com/bizsolutions Cal! 1-877-776-3355 
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single Sign-on 
Effort Falis Short 


With no input from IT security, a system is 
adopted that leaves out some apps and 
creates headaches. By Mathias Thurman 


UST WHEN I THOUGHT 


we had solved one set of | 


IT security problems by 

getting the human re- 
sources department to proper- 
ly train new hires, another has 
cropped up with our IT team 
and a new single sign-on sys- 
tem it has deployed. The sys- 
tem was designed without in- 
put from the IT security team 
and at least one other 
department that will 
be affected. Now 
we're dealing with the 
issues after the fact. 


project addresses a 
significant problem. 
There are several ways for em- 
ployees to log into different 
parts of our IT infrastructure, 
and each requires entering a 
separate set of credentials. 

The single sign-on system 
will make life easier for users, 
giving them access to a broad 
set of applications and ser- 
vices with just one user ID 
and password. 

The IT group has been talk- 
ing about this for some time, 
but several obstacles have 
kept the project sidelined until 
now. The biggest was the fact 
that we bought Novell Inc.’s 
eDirectory directory services 
and iChain identity manage- 
ment software to handle the 
authentication of our People- 
Soft system. 

But we also deployed Win- 
dows 2000, which uses Active 
Directory for authentication, 
and our Exchange server uses 
yet another directory struc- 
ture. 

Unfortunately, these infra- 
structures were designed sep- 
arately, with no common vi- 
sion, so there’s a lot of dupli- 


cation. To make matters 
worse, none of these directo- 
ries were mirrored in anticipa- 


| tion of a catastrophe. Sure, we 
| backed up the data, but we 

| didn’t have another system on 
| standby to take over the au- 

| thentication process in the 


SECURITY 
MANAGER'S 
The single sign-on JOURNAL ri 


| event of a hardware failure. 


This week, the IT group and 


I finally began migrating users 


to a single authenti- 
cation system based 
on eDirectory that’s 
fully mirrored, clus- 
tered and load- 
balanced. 
We mirror the 

data to another data 


| center, so in the event of a fire, 


malicious damage or other 


| event, the alternate data cen- 
| ter will automatically begin 


accepting authentication re- 
quests. 


| The No-Name Log-in 


This new system makes log- 
ging in very convenient, ex- 


| cept for one problem. Instead 


of logging in with our tradi- 


| tional usernames (we used a 
| naming convention that close- 


ly matches each employee’s 


| actual name), we’re using 


Identifying the users 
requires matching 
the IDs to the users’ 
names. It will be an 
annoyance and take 
a lot of time. 





| employee ID numbers. 


Personally, I didn’t even re- 


| call that I had an employee ID, 
| much less remember the num- 
| ber itself. Until now, our IDs 


had been used only by the HR 


| and finance departments for 


personnel tracking, so I was 
surprised when I received an 
e-mail stating that I must start 
using mine. Like other em- 
ployees, I was given a week’s 


| advance notice and informed 
| that I would also have to 
| change my password. 


The decision to use our em- 
ployee ID numbers in this way 
has implications for the IT se- 
curity team. It will end up cre- 
ating more work for my group 
and some other groups, such 
as the IT help desk. Here’s 
why: In our case, most of the 


| audit and security software we 


use lets us view users by 
name. Because our log-in 


| names are based on the users’ 


real names, we can quickly 
match the person to the event 


| when there’s a problem. 


With the new system, all we 
see is a number. Identifying 
the users requires the extra 
step of matching the IDs to 


| the users’ names. Given the 


frequency with which we'll 
need to do that, it will be an 


| annoyance and take a lot of 
| time. 


Neither the IT security 
group nor the IT help desk 


| was included in the decision- 


making during the design of 
the single sign-on system. Had 


| we been involved, both groups 


would have voiced strong ar- 
guments against using em- 
ployee IDs for this purpose. 
While I don’t yet know why 
the decision was made, I 
would certainly agree that 
there is a sense of anonymity 
in using numbers. Perhaps 
that was the driving factor. 
So far, the problem isn’t so 
bad, because only a few hun- 


| There’s another problem with 
| sive of all our applications. 


| developers use a content ver- 


| 
| 
| 
| 


use this system. To configure 
| sign-on would be a nightmare. 


| uses CRM tools. Since the in- 


| keep all of these specialized 





dred people have been con- 
verted to the new system. But 
soon the entire company will 
be using it. 


Not-So-Single Sign-on 
the new system: It’s not inclu- 
For example, our software 


sioning application that tracks 
changes in software under 
development. There are also a 
dozen or so external develop- 
ment sites, several of which 
are outside of the U.S., that 


this application to use single 
Also, the sales department 


formation this system contains 
is highly confidential, the IT 
team decided not to incorpo- 
rate the sign-on for it in the 
enterprise directory. 

Within the security depart- 
ment, we have RSA SecurID 
servers configured to authen- 
ticate systems and network 
administrators to resources 
within the infrastructure. It 
would be nice if we could tie 
that whole system into the en- 
terprise single sign-on appli- 
cation, but we would have too 
much to lose if there was a se- 
curity breach. 

We use SecurID for access 
to our most critical systems, 
which are responsible for our 
revenue and corporate image. 
But for now, we are going to 


environments separate from 
the environment that caters to 
the mass employee populace. 
So, what’s the lesson 
learned here? It’s that even as 
my company and others throw 
around the term single sign-on, 
it’s rare that an organization of 
our size can institute a true 
single sign-on environment 
that works for all applications 
enterprisewide. D 


WHAT DO YOU THINK? 


This week's journal is written by a real securi- 
ty manager, “Mathias Thurman,” whose 
name and employer have been disguised for 
obvious reasons. Contact him at mathias_ 
thurman@yahoo.com, or join the discussion 
in our forum: QuickLink a1590 


To find a complete archive of our 
Security Manager's Journals, go online to 


| 





© computerworld.com/secjournal 
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The Best Damn Firewall Book 
Period, by Cherie Amon, 
Thomas W. Shinder and Anne 
Carasik-Henmi; ck 
Syngress, 2003 cd 

If you do any secu- 

rity consulting, 

you'll want to pick 

up this book - and 

you'll need to use 

both hands because 

it has 1,200-plus 

pages and weighs about three 
pounds. 

The Best Damn Firewall 
Book Period is an encyclope- 
dic source of information on 
some of the most widely used 
firewalls, with extensive de- 
tails on Cisco PIX and Check 
Point firewalls. The authors 
provide so many details that 
you can completely install, 
configure and go live with one 
of those brands without using 
any other documentation. One 
caveat: The book covers only 
newer versions of these fire- 
walls; users of older products 
should look elsewhere. 

Ihave a few quibbles. For 
example, the increasingly pop- 
ular NetScreen firewalls aren't 
covered, and the chapter on 
Snort intrusion-detection soft- 
ware is no replacement for a 
good Snort 2.0 reference 
book. However, users of new- 
er PIX and Check Point prod- 
ucts certainly can’t go wrong 
with this title. 

~ Mathias Thurman 


Check Point Offers 
New VPN-1 VSX 
Check Point Software Tech- 
nologies Ltd. has upgraded its 
VPN-1 VSX virtual private net- 
work security appliance. It 
now includes Check Point's 
Application Intelligence tech- 
nology to protect against ap- 
plication layer attacks, as well 
as SmartDefense network 
attack protection and VPN-1 
SecureClient for remote ac- 
cess and desktop security. 

VPN-1VSX supports up to 
250 virtual systems running 
on one platform, according to 
Redwood City, Calif.-based 
Check Point. VPN-1 VSX is 
available now and starts at 
$24,000. 





LOA 


SECURITY 


iwantto Stop _ thinking about the thréats that could fill my network, 


and start thinking about the people that could fill this space. 


Po 





nm and Network Protection Solutions, McAfee. Secunty. dox 
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THE WORLD'S #1 WEB HOST IS HERE 
TO HELP YOU DO MORE ON THE WEB 


GET OUR BEST HOSTING PLAN — NORMALLY $29/MONTH 


3 YEARS FREE 


LIMITED TIME PRE-LAUNCH PROMOTION 
SAVE $1000 — NO COMMITMENT NECESSARY 


500 MB, 5x FTP, backups, Firewalls 

5000 MB/mth traffic, $0.99/GB only for additional 

traffic, 99.9% up-time guarantee 50 POP3 accounts, Symantec 

virus scanning, Webmail Live site statistics, log files, 

turnkey CGl-library, own CGI, FrontPage 2002 extensions, multiple pass- 

word protection, mySQL, SSL encryption, Cron Jobs, SSH, Developer tools 
1&1 Express support 


No credit card needed. 
No obligations. No banners. No 
spam. No calls. Strict privacy. 


Upload your current 
site. Or, build a new one with 
template-ready WebsiteCreator. 


Form editor, Newsletter Management tools, 
one-on-one online dialogues, turnkey web database applications, Chats, 
Forums Template-ready online WebsiteCreator, full ver- 
sion NetObjects Fusion 7.0, Search-Engine Registration and many 
more worth $300, absolutely free Register or transfer 
unlimited com and other leading domains for just $5.99 each per year, 50 
sub-domains, point up to 100 domains registered elsewhere to this plan 
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Upgrade your site 
with ready-to-run forms, chat, 
database applications and more. 


Sign up today 
and we'll give you a $25 voucher 
for Google AdWords™. 


By creating this unique opportunity to test 1&1 risk-free, we are investing in you rather than additional 
advertising. You see, we believe you'll be so pleased with our services, you'll stay with us and even recommend us to your friends. Then after 
the 3 years, you can effortlessly switch to any 1&1 hosting plan ranging from $5 to $29. One plan per custoiner only. Promotion expires 1/14/04. 


Member: of 
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Radware Releases 
Security Switch 


Radware Inc. in Mahwah, N.J., 
last week announced the release 
of DefensePro, a high-perfor- 
mance security switch that’s 
designed to handle multigigabit 
security switching, intrusion pre- 
vention and denial-of-service pro- 
tection. DefensePro is available 
now. Pricing starts at $25,000. 


Mirapoint Updates 
Message Server 


Mirapoint Inc. is releasing a new 
version of its Message Server 
e-mail appliance, called the 
45-Series, and a new Message 
Director MD450 security appli- 
ance. Updates include replacing 
Intel Pentium Ill chips with more 
powerful Xeon processors, ac- 
cording to Sunnyvale, Calif.- 
based Mirapoint. The Message 
Server line begins at $15,000, 
while pricing for Message Director 
starts at $25,000. 


Beta for Speech 
Server Released 


Microsoft Corp. last week re- 
leased the second beta version of 
its Speech Server. The new beta 
can run multiple applications and 
adds support for Peabody, Mass.- 
based ScanSoft Inc.’s Speechify 
Text-to-Speech Engine 3.0. Also, 
Microsoft released the fourth beta 
version of its Speech Application 
Software Development Kit. The fi- 
nal versions of Speech Server 
and its accompanying software 
development kit are due in the 
first half of next year. 


Proxim Offers Free 
Wireless Upgrades 


Proxim Corp. this week will re- 
lease free firmware upgrades for 
its enterprise-class wireless LAN 
access points. The upgrades will 
make it easier for IT managers to 
detect rogue access points and to 
centrally control power levels of 
access points, according to Sun- 
nyvale, Calif.-based Proxim. 





TOMMY PETERSON 


Make Your List, 
Check It Twice 


S THE YEAR DRAWS to a close, we find 
ourselves surrounded by the festive tradi- 
tions of the season. Jolly old elves and 
prancing reindeer have been trucked in 
and deposited on the manicured lawns of 
corporate headquarters and bask in the glow of the 
lights proclaiming “Season’s Greetings” to passing mo- 
torists. Miniature trees and plastic candles twinkle 


cheerfully in corners of of- 
fices and cubicles. There are 
way too many sweets every- 
where. 

Grown men and women in 
IT shops are making wish 
lists and formulating their 
justifications for having 
those wishes fulfilled. Of 
course, since they’re prepar- 
ing their pitches for the busi- 
ness side of the company in- 
stead of for a short, white- 
bearded guy with a body 
mass index of 35, their argu- 
ments rest on productivity 
and ROI rather than on whether the 
geeks have been naughty or nice. 

Those lists CIOs and other high- 
level IT managers make of their spend- 
ing priorities for the year ahead will be 
checked more than twice as their com- 
panies navigate into and through 2004. 
Toys for techies are gone from enter- 
prise IT budgets, but technology invest- 
ment is essential if companies are to 
move ahead or even keep up with the 
competition. In these budget confronta- 
tions, however, discretion is often the 
better part of valor. Below are my picks 
for the technology areas that IT man- 
agers should focus on for now if they 
want to avoid duking it out with their 
CFOs — and probably losing. 


® Storage, especially storage management. 


Storage falls a little short in the glamour 
department, but in an information econ- 
omy, companies must have somewhere 
to keep and some way to manage all that 
information. Adding to the pressure is 
the growing array of state and federal 





regulations requiring busi- 
nesses to retain even more 
information. As the mounds 
of data grow, users demand 
easier access to stored data 
and flexibility in storage re- 
sources. Management sys- 
tems and virtualization soft- 
ware come with hefty price 
tags. But no one would ac- 
cuse an IT manager of going 
for the glitz for proposing 
them, and storage is central 
to almost any business. 
Storage also includes the 
backup and disaster recov- 
ery technologies that ease the minds of 
everyone in the company fretting about 
terrorism, natural disasters and trees 
growing around power lines in Ohio. 

@ Security. You won’t have to fight for 
this one. Even through the past couple of 
years when the remnants of the technol- 
ogy bubble were unattractively splat- 
tered all over the economy, companies 
were spending on IT security. Antivirus 
software, intrusion detection and pre- 
vention systems and patch management 
systems are all essential investments — 
just make sure they are implemented 
along with well-crafted security policies 
and enforced best practices, which are as 
important as the technology. 

Identity and access management sys- 
tems that include provisioning and 
strengthened authentication mecha- 
nisms can increase productivity along 
with security in your organization. 

® Business intelligence and data warehous- 
ing. Carefully chosen and deployed busi- 
ness intelligence systems do the magic 





trick at the heart of IT: They change 
amorphous piles of data into useful 
information and open an avenue to in- 
sights that can transform a business. Just 
be wary of the seemingly endless vari- 
eties of software that offer “real-time” 
monitoring of every peristaltic burble 
and hiccup in the enterprise, to no ap- 
parent business end. 

@ Middleware and other integration tech- 
nologies. Heterogeneous IT environ- 
ments are a fact of life — even a blessing, 
say some. Companies that want to con- 
tinue getting value from their legacy sys- 
tems as they add new systems and appli- 
cations will need the technology to link 
them together. 

I fear that this list is the IT equivalent 
of the socks and underwear your mother 
always gives you. But these are the es- 
sential technologies, the ones in which 
your company can’t afford to fall behind. 
This isn’t the year to ask for the pony. 

The adoption of wireless is inevitable, 
and the technology has already penetrat- 
ed to the center of some industries, but 
for most businesses, it’s still a novelty. 

I’m convinced that Web services will 
eventually transform IT, but the technol- 
ogy still operates at the margins, maybe 
because the standards stack is still in 
flux. Or perhaps because infrastructure- 
level Web services are just beginning to 
receive attention. 

Certainly take a hard look at open- 
source options when you're shopping for 
technology. 

Keep an eye on voice over IP, the re- 
turn of CRM, and new search and text- 
mining technologies that will help you 
take a crack at squeezing some intelli- 
gence out of all that unstructured data 
piling up in your company. 

And be patient. There’s a good chance 
the economy will be stronger a year 
from now. The technologies will mature 
and improve. Maybe it will be time for 
the pony — or at least the latest version 
of PlayStation. @ 43260 
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FIREPASS 
_ SECURE REMOTE ACCESS 
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know what a challenge it can be. But now there is an easier 
way to give employees, customers, and partners secure remote 
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FirePass is a powerful solution that allows your users to get 
remote access to critical applications and data from any Web- 

~ enabled device or location—without compromising the security 
mela Mate. 


FirePass provides simple, secure and reliable remote access. 

* Controls the level of application access based on the type 
of user and device. 

Leverages your existing authentication servers to validate 
and authorize user access. 

¢ Requires zero changes to your existing application servers 
and takes minutes to deploy. 

e Simplifies remote access for everyone with no clients to 
configure and little or no user training. 


. Now employees, customers, and partners can securely access 
- authorized applications from any Web-enabled device at any 
location. 


Simply put, it's easier. 


Learn more with a FREE guide to secure remote access and~ 
an online demo. Visit ww.f5.com/FirePassCW or call 


1-866-885-9201 today. 
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OPINION | 

: : | The Pros & Cons of CMM 
Behind the Eight Ball Outsourcers tout their high Capability 
Maturity Model ratings, yet many U.S. 
companies can’t take advantage of 
that quality and end up paying for 
more than they need. Page 50 


Bart Perkins says the big outsourcers 
are being undercut by smaller upstarts. 
It’s bad news for giants like IBM and 
EDS, but it could mean falling prices 
for their clients. Page 54 


Preventing P2P Abuse 


———— 
i 


= 


Corporate IT managers can learn from their 
counterparts on college campuses who have 
become experts in combating the security 
and network overload problems caused by 
peer-to-peer file swapping. Page 52 





A brain drain is coming when 
the economy improves, and your top IT 
talent may be headed out the door. 
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ALF YOUR IT MIDDLE managers 
may be planning to quit as soon 
as the economy improves. Recent 
surveys and anecdotal evidence 
indicate that many have already 
checked out psychologically and 
are just waiting for the chance to 
move on. If you don’t prepare for this exodus, when 
the money loosens up and IT initiatives begin to 
flow, you may find that you lack the talent to deliver. 

The impending IT brain drain is “one of the dark 
secrets of the industry right now,” says Vaughan Mer- 
lyn, an analyst at The Concours Group in Kingwood, 
Texas. “Wherever I go, the grumbling amazes me. I 
see it all the time.” 

“People tell me awful tales about working, and 
their loyalty is shot,” adds Tom DeMarco, a consul- 
tant at Cutter Consortium in Arlington, Mass., and 
author of Slack: Getting Past Burnout, Busywork and 
the Myth of Total Efficiency (Broadway Books, 2002). 
“The problem is that they’re all liable to leave at the 
same time.” 

A July 2003 survey of 509 U.S. middle managers by 
Accenture Ltd. found that 38% are currently looking 
for another job and 10% plan to go job hunting when 
the economy improves. Though the survey didn’t fo- 
cus exclusively on IT, Ed Jensen, a partner in the hu- 
man performance practice at Accenture, says IT 
managers at various client sites have told him they’re 
essentially already gone. 

Late last year, another survey, by Spherion Corp. in 
Fort Lauderdale, Fla., and Harris Interactive Inc. in 
Rochester, N.Y., questioned 3,278 U.S. workers and 
found that 51% want to leave their current jobs (up 
from 33% in 1999). The dissatisfaction is even more 
pronounced in IT, where 40% of workers reported 
poor or fair job satisfaction compared with 28% of 
the total sample. 

“There’s a large amount of dissatisfaction out 
there,” says Scot Melland, CEO of Dice Inc., a Web- 
based recruiting firm in New York. “Some of it might 
be fair and some a reaction to how the world has 
changed, but it’s real.” 


A Seismic Shift 


Job changing after an economic upheaval isn’t unusu- 
al, but observers say recent history and a seismic de- 
mographic shift will make the coming phenomenon 
worse than in the past, especially in IT, where bud- 
gets have been axed particularly hard. “Many IT peo- 
ple were downsized, and those who remained find 
themselves literally overwhelmed,” Merlyn explains. 
“People are feeling used,” DeMarco agrees, adding 
that baby boomers remember similar treatment dur- 
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Emergent Workers 


The “emergent” worker crosses all boundaries of age, education, industry 
and company size, but IT workers are among the most emergent, according to Spherion. 
Here’s how emergent workers differ from traditional employees: 


Commits for the long term. 
Wants employer to provide the career path. 


Ore et MNT URS MTEL Ome Clear TiTe| 
clear direction. 


EU Cen Teter Miceme im Tei 
Thinks changing jobs can damage career. 
Defines loyalty as longevity. 


ing the downsizings of the early 90s, and many Gen 
Xers saw their parents laid off in those days. “So any 
loyalty they might feel is complicated by the fact 
their parents were screwed,” he says. 

As a result, Gen Xers came to IT expecting to work 
for many companies over the course of their careers. 
“They’re much more open to saying, ‘If I can’t get it 
here, I’ll find it elsewhere,’ ” Jensen says. “It’s a differ- 
ent mind-set — a free-agent mind-set.” 

Since that ability to move has been curtailed by the 
tight job market, there’s a pent-up desire for change, 
even among those with few com- 
plaints, Merlyn says. 

The Emerging Workforce Study 
conducted by Harris and Spherion, 
which has measured changes in work- 
force attitudes since 1997, has docu- 
mented a significant shift. As late as 
1997, 34% of workers surveyed still 
held “traditional” values that empha- 
size long-term company loyalty (see sidebar above). 
This year, only 21% did, and in IT, only 9%. The 
rest held “emergent” or free-agent values, or were 
migrating in that direction. 

Despite this shift, Spherion estimates that more 
than half of U.S. companies still use traditional man- 
agement styles and as a result are in danger of losing 
their emergent workers at an even higher rate. 

Replacing IT workers who leave won’t be as 
easy as it looks, DeMarco says. “The buffer of unem- 
ployed IT people could be hired up in the first two 
or three months,” he notes, “and workers in IT are 
not fungible.” Those available are disproportionate- 
ly generalists without the skills you'll be looking 
for, he says. 

Besides, you'll need to do more than replace; you'll 
need to grow. 

The U.S. Bureau of Labor Statistics forecasts that 
the top five fastest-growing job categories through 
2010 are all in IT: software applications engineer, 
support specialist, systems software engineer, net- 
work and systems administrator, and network sys- 
tems and data communications analyst. 

Meanwhile, the vanguard of baby boomers will 
soon be reaching retirement age, and the numbers to 
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Emergent employee 
= Commits to perform now. 
= Wants responsibility for career path. 


Pees my Ue) ye mCi lm cr- lene! 
and growth. 


= Wants rewards based on performance. 
= Thinks changing jobs can enhance career. 
= Defines loyalty in terms of work contribution. 


replace them just aren’t there. According to Harvard 
University economist David T. Ellwood, from 1980 
to 2000, the “prime-age” workforce — 25 to 54 — 
grew by 54%. Over the next 20 years, it will grow 

by only 3%. 

“We’re in the middle of a major demographic shift,” 
says Jensen. “It’s one thing to say people are turning 
over, but the pool of talent that is available to replace 
them is tight, and that will drive the price up.” 

In fact, the cost per hire has increased nearly 71% 
since 1998, according to the Saratoga Institute Inc., a 
Santa Clara, Calif.-based human re- 
sources unit of Pricewaterhouse- 
Coopers. Spherion estimates that the 
cost of replacing lost emergent work- 
ers could be about $1 million for an 
IT group of 100. And that’s assuming 
you can replace those who leave. 

Given all these impending pres- 
sures, the postrecovery decampment 
will be happening at the worst possible time. “The 
problems that arise are myriad: the loss of knowledge 
in the organization, managing the workload, disrup- 
tion as people leave and the expense of replace- 
ment,” Jensen says. 


Heading Off the Exodus 

Despite the convergence of risk factors, some IT 
managers may be blindsided by the exodus because 
when jobs are scarce, people don’t complain. “People 
might grumble around the cooler with colleagues, 
but they probably don’t grumble upwards,” Merlyn 
says. “You keep your head down and lay low.” 

But there are things you can do to assess and miti- 
gate your risk. 

® Look for signs of unhappiness, and draw managers 
out on how people are feeling. 

= Check confidential employee surveys for signs that IT 
employee engagement has gone down. “That could 
be a leading indicator that people may move on 
when things turn around,” Merlyn says. 

§ If you can’t survey the entire IT workforce, try to con- 
duct spot surveys on one or two issues, or put a few ques- 
tions on an employee portal to identify segments of 
your IT organization that are particularly disenchant- 
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ed, Jensen says. “Then you can take more targeted 
steps to deal with the [potential] loss of key people.” 

@ Communicate candidly with the workforce. “Employ- 
ees understand and can handle the fact that the econ- 
omy is tough,” Jensen says. “They want to feel part 
of the process and understand why decisions are 
being made.” 

= Cancel overtime. “Constant overtime is a deadly 
cause of burnout and the sense of being used,” De- 
Marco says. 

@ Hire now. “You have to be ahead of the curve in the 
staffing work that’s going to have to be done,” DeMar- 
co says. By taking extra work off people, you may 
change their minds about leaving. Even if they do 
leave, each person you hire now is one you won’t have 
to hire later in a tougher, more expensive market. 

@ Know your “A” players, and make sure you're doing 
everything you can to keep them happy, Merlyn says. 

@ Get your people focused on the future. 

Even with a limited budget, you can generate ex- 
citement and optimism, Merlyn says. Engage your “A” 
players in rethinking the vision and strategy, reposi- 
tioning the team, upgrading skills and adjusting 
roles. If your company has been laying off people 
and just shifting the work to others, you may find 
redundancies that can be eliminated to take the 
pressure off and move the survivors on to higher- 
value activities. 

Even if you’re not able to move ahead on a growth 
agenda yet, he says, strategizing and planning “feels 
constructive, and it gets people engaged in thinking 
about an optimistic future rather than a pessimistic 
present.” © 43001 





Melymuka is a Computerworld contributing writer. 
She can be reached at kmelymuka@yahoo.com. 


Warning Signs 


Computerworld’s 2003 Job 
Satisfaction Survey uncovered the kind of 
grumbling that will lead to an IT brain drain. 


42% said they're 
dissatisfied with their companies. 


56% reported that their level of 
satisfaction with their companies has 
decreased compared with one year ago. 


69% don’t think they're working 
to their full potential. 


55% said they're dissatisfied with 
their opportunities for advancement. 


82% reported finding their work stressful. 


59% reported being more stressed 
out than they were a year ago. 


50% disagreed with the statement, “My em- 
ployer is successful at building employee loyalty.” 


Base: 936 respondents (IT workers, managers, consultants and contractors) 
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THE PROS & CONS OF 


CMM 


Outsourcers tout their Capability 
Maturity Model ratings, but they may be 
overkill for some clients. BY JULIA KING 


WHAT’S IN A CMM RATING? 

Does hiring a CMM Level 5 service 
provider guarantee that an outsourced 
software project will come in on time 
and on budget? 

Will a higher CMM rating automati- 
cally mean higher costs? 

What impact does earning a rating 
have on software quality? 

These are just a few of the questions 
confronting IT managers charged with 
contracting out an increasing volume 
of application development and main- 
tenance work to lower-cost offshore 
outsourcers. 

Developed by the Software Engi- 
neering Institute (SEI) at Carnegie 
Mellon University in Pittsburgh, CMM 





— short for Capability Maturity Model 
—— is a set of rigorous standards for 
software development that’s based on 
five levels. Of some 70 companies 
worldwide that have publicly acknowl- 
edged reaching the highest rating of 
Level 5, about 50 are in India, accord- 
ing to the SEI and Gartner Inc. 

Not surprisingly, these Indian out- 
sourcers aggressively tout their CMM 
rating, marketing themselves as top- 
notch developers with standardized, 
repeatable processes in place for deliv- 
ering the highest quality software. Exe- 
cuting standardized processes also 
works to keep down costs, enabling 
Level 5 providers to pass on additional 
savings to customers, according to 


Higher CMM levels correlate with fewer soft- 
ware defects, according to this research: 
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Sangita Singh, head of strategic mar- 
keting at Wipro Ltd., an Indian out- 
sourcing company with U.S. head- 
quarters in Santa Clara, Calif. 

Research confirms that higher CMM 
levels correlate with fewer software 
defects (see chart below). But the high- 
est CMM rating doesn’t necessarily 
guarantee the greatest savings for cus- 
tomers. “The data on quality and matu- 
rity levels shows there is a definite im- 
provement in costs and [on-time proj- 
ect completion] schedules,” says Bill 
Peterson, program director for soft- 
ware engineering process management 
at the SEI. “But whether the supplier 
passes the savings on to the buyer, we 
don’t know. That’s more business than 
anything to do with the logic of costs. 

“What we are saying is that as a 
Level 5, [suppliers] are better and 
they’re able to charge more, not less,” 


| Peterson adds. 


At the same time, a Level 5CMM 
rating comes with no guarantees, and 
in some cases, it may even be overkill, 
experts say. 

“CMM is a great discipline, and it is 
a great designation to have,” says Bart 
Perkins, a Computerworld columnist 
and managing partner at Louisville, 
Ky.-based Leverage Partners Inc., 
which helps CIOs manage IT suppli- 
ers. “But the reality is that if an out- 
sourcer is at Level 5 and the 
client is at Level 1 or 2, the 
client doesn’t have the in- 
ternal discipline to take 
advantage of the Level 5 
provider’s standardized 
routines.” 

Defining system or proj- 
ect requirements is a prime 
example. “With CMM, the entire re- 
quirements process is very rigidly de- 
fined. A Level 5 requirements docu- 
ment is very detailed and explicit and 
has metrics associated with it,” Perkins 
explains. “But a company at a CMM 
Level 0 or 1 could have their require- 
ments on the back of an envelope and 
no metrics. The Level 1 companies are 
lucky if they write out two pages.” 

The upshot, says Perkins, is that 
touting a CMM Level 5 rating to a 
Level 1 buyer “comes down to touting 
a feature that’s of little value. It’s like a 
car salesman in Alaska touting a car’s 
great air conditioning. It may be great, 
but you can’t take advantage of it.” 

Yet some companies, such as Farm- 
ers Insurance Group in Los Angeles, 
contract with Level 5 outsourcers ex- 
clusively, even though they may be 
unable to reap all of the benefits of 
doing so. 

“The CIO dictated that we only do 


called CMMI: 





CMM SUNSET 


The Software Engineering 
Institute is phasing out CMM 
in favor of a new version, 
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Questions to ask your out- 
sourcer about its ratings under 
the Capability Maturity Model: 
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business with CMM Level 5 partners. It 
was a way of distinguishing the best 
companies from the rest of the pack,” 
explains Alan Stanley, a program man- 
ager at Farmers. 

“Beyond that, we don’t take advan- 
tage of CMM. We tend to dictate how 
we want work done. We allocate work 
and processes based on what we do 
here, so I don’t think we’ve 
really benefited from the 
CMM Level 5 side,” he adds. 

Helen Cousins, former 
CIO at Parsippany, NJ.- 
based Cendant Corp., says 
she believes that hiring a 
Level 5 outsourcer is a way 
to raise the bar for your 
own IT organization. “One of the 
things we gained out of necessity is the 
ability to more clearly define what we 
want,” says Cousins, who is now CIO 
at Dex Media Inc. in Denver. “I’ve also 
noticed that when people working side 
by side are with people who are disci- 
plined, it starts rubbing off.” 

But in a January 2003 report on the 
subject, Gartner analyst Partha Iyengar 
cautioned that users should also re- 
member that CMM standards are de- 
scriptive rather than prescriptive, 
meaning that “they describe what must 
be done, rather than how it must be 
done.” Consequently, a vendor can 
specify a certain way of executing a 
process that isn’t the best possible im- 
plementation of that particular process. 

In other words, Iyengar says, “CMM 
standards certification in no way guar- 
antees that a vendor’s internal imple- 
mentation of these standards is best- 
in-class in any way.” @ 42492 
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Corporate IT managers trying to curb 
illegal peer-to-peer file downloads 


could learn from their counterparts 
on college campuses. BY JULIA KING 


IM O’ROURKE, vice presi- 

dent for computer and in- 

formation services at Tem- 

ple University, makes it a 

point to ask students in the 
classes he teaches whether they swap 
peer-to-peer music and video files. He 
has yet to get no for an answer. With 
33,000 network users, 5,000 of whom 
live on the Philadelphia campus, P2P 
file swapping has brought the universi- 
ty’s network to its knees more than 
once, he says. 

At the University of Florida, network 
services supervisor Rob Bird at one 
point last year recorded 3,500 simulta- 
neous network connections to Kazaa, a 
popular P2P music site. That figure 
represents almost half of all students 
who reside on the Gainesville campus. 

Colleges and universities are on the 
front line when it comes to combating 
the various computer security, copy- 
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right infringement and network over- 
load problems that can result from 
users swapping massive P2P files. As 

a result, schools have been forced to 
come up with effective systems not 
only for detecting bandwidth hogs, but 
also for differentiating between legiti- 
mate and illegitimate P2P file transfers 
and pulling the plug on illegal activity. 
In several cases, their tools and tactics 
have resulted in a significant reduction 
in P2P headaches, making them well 
worth a close look by corporate IT 
managers, many of whom are facing 
the same problems. 

Consider the University of Florida. 
Within an hour of implementing a 
homegrown network tool known as 
Icarus, network managers recorded an 
86% drop in illegal P2P uploads to the 
Internet from the university’s resi- 
dence halls. Downloads dropped by 
30%. School newspaper articles and 
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the student handbook had also in- 

formed students about the university’s 

downloading policies and the discipli- 
nary actions that would be taken 
against violators. 

Icarus, short for Integrated Comput- 
er Application for Recognizing User 
Services, collects and combines data 
from all of the university’s many dis- 
parate network management systems. 

' Once combined, the information can 
be analyzed ina 
comprehensive 
manner. 

“We realized we 
had all of the [net- 
work monitoring and management] 
tools we needed. We just needed to 
find a way to use them all together,” 
Bird explains. “By collecting data in 
one place, we’re able to detect applica- 
tion usage in new and unusual ways.” 


How It Works 


Whenever Icarus detects P2P activity 
on the network, the software sends a 
pop-up message to the offending user’s 
computer. If the user is a 
first-time violator, he is auto- 
matically directed 
to an educational 
Web site that out- 
lines the universi- 
ty’s network usage policy 
and specific details on his 
particular violation. 

Second-time offenders 
are immediately restricted 
to on-campus Internet 
usage for a period of five 
days. Third-time violators are cut off 
from all Internet connectivity beyond 
the campus and immediately referred 
to the university’s judicial affairs office. 

“We try to stick to campus restric- 
tion as the most severe punishment, to 
minimize the impact on academic use, 
because there’s plenty of legitimate ap- 
plications that need to be accessed by 
students,” Bird says. 

Since the start of the academic year 
in September, the system has uncov- 
ered 919 first-time offenders and only 
nine repeat offenders. 

“It’s been extraordinarily success- 


Ina July 2003 study of peer-to-peer 
file sharing at 560 companies, 
Ottawa-based AssetMetrix Inc. found 
that employees at of 
those companies had engaged in 
Web-based file sharing during 
the previous 14 months. 





ICARUS FAQ 


Get the details on the Univer- 
sity of Florida’s open-source 
P2P file-restriction program: 
@ QuickLink 42975 


Read about the latest ways 
schools are dealing with 
music downloading: 

@ QuickLink 43231 
www.computerworld.com 
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ful,” Bird says, adding that the univer- 
sity plans to release the application as 
an open-source project in the spring. 

Differentiating between legal and il- 
legal P2P files can be difficult for net- 
work managers, since most colleges 
have policies against viewing the con- 
tent of files. The University of Miami 
in Coral Gables, Fla., keeps it simple by 
limiting all students to a maximum of 
48MB of dedicated bandwidth. 

“We tell them to use it wisely to do 
whatever they have to do. That could 
be downloading images from medical 
journals, or videos related to school 
communications,” notes CIO Lew 
Temares. It also could be swapping 
music files, Temares concedes, which 
is why the university has implemented 
two network filters that sniff file trans- 
fer protocols and eliminate those with 
the known characteristics of P2P files 
that the university has identified as il- 
legal. These include sites like Kazaa 
and Blubster that are primarily for 
downloading music. 

At Temple, administrators are con- 
sidering going a step further and im- 
plementing a policy that would deny 
hardware and software sup- 
port to students whose 
computers contain illegal 
P2P programs and files. 

The university also 
recently purchased an en- 
terprisewide license for 
Symantec Corp.’s Norton 
AntiVirus software, which 
all students are required to 
install on their computers 
before they can tie into the universi- 
ty’s network. 

“T don’t really want to work on [a 
computer] it takes me six or seven 
hours to rebuild because it has all this 
junk on it,” O’Rourke says. “The Wel- 
chia [worm] alone has cost me at least 
$400,000 in the last month just in time.” 

Chuck Linebaugh, director of infor- 
mation systems at Chicago law firm 
O’Hagan, Smith & Amundsen LLC, says 
corporate IT managers like him have 
somewhat more leverage over employ- 
ees than university network managers 
may have over students. Linebaugh’s 
firm locks out all P2P application pro- 
grams and conducts weekly checks on 
all files for any illegal P2P activity. 

Still, he keeps a close eye on the pre- 
cautions that other IT managers, par- 
ticularly university network managers, 
are taking on the P2P file-swapping 
front. One big reason, he notes, is self- 
preservation. “If we’re investigated and 
files downloaded by users are on our 
network, we’re liable for that,” Line- 
baugh says. @ 43111 
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When DAVID S. 
WATTERSON joined 
terials Inc. in 1999, 
his job was to replace 
the old mainframe 
and software with a 
new IT architecture 
that could handle 
explosive growth: 
40-plus acquisitions in the past five 
years. As a result of his success, Wat- 
terson has been promoted to Ci0 at the 
$1.7 billion company, which was spun 
off from Martin Marietta Corp. in 1994. 
He spoke with Jean Consilvio about the 
importance of IT at the producer of con- 
struction aggregates in Raleigh, N.C. 


Your IT staff seems small for such a 
large company. The core, 43 people, 
are in Raleigh, and the rest provide lo- 
cal support to the divisions. The infra- 
structure we've put in place, the [J.D. 
Edwards, now PeopleSoft] products 
and ERP system we've chosen have 
all been low maintenance. We did 
everything we could with packaged 
software, and we customized as little 
as possible. The objective has been to 
keep the costs and burden of IT down 
for the company. 


Are you all rolled out? We kicked off in 
November 2000, and we just finished 
in October. 


Do you use wireless technology? We're 
experimenting with it at some of our 
quarry facilities, where getting hard 
wire out to a quarry can be difficult. 
We're using a lot of VPN technology. 


How is that working out? Very well: it's 
a good, low-cost alternative. We have 
340-plus locations throughout the 
U.S., Nova Scotia and Bahamas, and 
we get into some rural, remote areas 
where we may have just five people 
working at a location. To put in a full 
frame-relay network connection is not 
cost-effective. 


Have your responsibilities changed 
since you were vice president of infor- 
mation systems? Not very much: [the 
promotion was] a recognition of the 
importance that IT has within the com- 
pany and somewhat a recognition of 
the major transformation we've made 
over the last three years. The aggre- 
gate industry has largely been a low- 
technology business. € 43232 








MANAGEMENT 


BART PERKINS 


www.computerworld.com 


Behind the Eight Ball 


HE SAFEST OUTSOURCING OPTION has 

been, and continues to be, the large U.S.- 

based operations such as IBM, Electronic 

Data Systems and Accenture. However, 

these big outsourcers are facing serious 
challenges and finding themselves behind the eight 
ball. Newer, smaller firms have changed the rules and 
are forcing the big guys to play catch-up. The new en- 
trants are stealing business by offering dramatically 
lower prices, thus creating a price floor against which 
the big companies have to compete. 


There are three main rea- 
sons for the price differen- 
tial. First, the upstarts can 
undercut traditional out- 
sourcers’ prices because 
most of their technical 
staffs are located in lower- 
cost countries. The price 
difference is enormous, 
often as much as $180 per 
hour vs. $25 per hour. But 
beware. Quoted rates don’t 
provide a true apples-to- 
apples comparison. Be sure 
to calculate the total cost 
of outsourcing, reflecting 
all the costs of managing 
an offshore outsourcer. 
Even after proper pricing 
adjustments, the difference 
is still huge. 

Second, the administrative costs 
at the newer firms are much lower. 
They’ve designed their processes from 
the start so that as much administra- 
tive work as possible is performed off- 
shore. For example, at one company, 
when expense reports are submitted, 
they’re immediately scanned into a 
computer system and then sent over- 
seas electronically. The originals and 
the receipts are filed domestically, as 
required by the IRS, but the review, 
approval and reimbursement process- 
es take place offshore. 

Third, the management structure at 
the new outsourcers also costs less, 


since a high percentage 
of their managers are 
based in the same coun- 
tries as their technical 
staffs. The price differen- 
tial is even greater in the 
executive ranks. 

In all three cases, lower 
wages mean lower costs, 
and the new firms are will- 
ing to pass a large percent- 
age of these savings on to 
their customers. Histori- 
cally, the big outsourcers 
have resisted going off- 
shore for similar savings in 
order to protect revenues 
and profits. Forced to do 
so now, the question is 
how quickly they can 

adopt some of the newer entrants’ 
approaches and use more offshore 
labor. But there are complications. 

If the big outsourcers use cheaper 
offshore technical staffs, they will 
have to share the savings they reap 
with their customers to remain com- 
petitive. The resistance to doing so 
isn’t merely greed but fear of affecting 
the stock price, since lower billing 
rates result in lower revenues and 
earnings. It takes a lot more business 
to get the same revenues when aver- 
age domestic billing rates are six or 
seven times the going rate for offshore 
work. In order to keep revenues sta- 
ble, the big outsourcers must find a 





great deal more business to cover the 
gap. This is an enormous undertaking 
in today’s economy. 

In addition, they’ll have to reduce 
their administrative costs, which will 
mean re-engineering many of their 
administrative processes. This is time- 
consuming and extremely expensive 
and presents yet another hit to the 
bottom line. 

Plus, they’ll have to address their 
high-cost management structures. In 
order to reduce management costs, big 
outsourcers could conceivably lay off 
high-level executives. Moreover, if 
growth stalls, they won’t be able to 
dangle the carrot of promotions in 
front of top-notch staff members. 

The impact of this will be delayed, 
but significant. 

Exactly how all of this will play out 
is unclear. Over the past few years, all 
of the big outsourcers have quietly be- 
gun to hire — and invest — in India, 
China and other lower-cost countries. 
Unless stopped by legislation or politi- 
cal unrest, they’ll continue to expand 
their offshore staffs. 

Each major outsourcer will likely 
address the resulting problems differ- 
ently, but any solution is likely to cre- 
ate a great deal of internal turmoil. 
Some U.S.-based outsourcing units 
will probably spin off from their moth- 
er companies, deciding they’re better 
off without corporate overhead and 
corporate angst. The boutique firms 
they create will provide further com- 
petition. Meanwhile, watch the big 
players for restructurings, reorganiza- 
tions and fluctuating stock prices. 

Buyers who are currently using or 
negotiating with the traditional out- 
sourcers may want to keep contract 
lengths reasonably short and build in 
flexible pricing terms. This will allow 
buyers to take advantage of future 
price drops as competition intensifies. 
@ 42972 


WANT OUR OPINION? 


For more columns and links to our archives, go to 
www.computerworld.com/opinions 
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IT Careers: Projected Hiring Surge Drives Online Learning 


Gordon agrees, saying that her IT employees tend 
to be life-long learners. “We hire people who love to 
learn technology. They do that through our in-house 
training, but also by learning on their own. These new 
technologies aren't usually available through 
universities.” 


The second area of study focuses on technology, 
but with the add-on of understanding people. “| 
would tell them to take courses and focus attention 
on hardcore computer science,” says John Vlastelica, 
director of recruiting programs for Amazon.com. 
“We tell engineers to learn to view technology not as 

an end in itself, but as a means to 
an end, which in our case is 
delighting customers.” 


hile no one expects a replay of the hiring 
craze of 1999 and 2000, most business 
leaders are forecasting an increase in hiring for 
technology workers in 2004. The surge will demand a 
cross between sophisticated technical skills and 
business intelligence, according to staffing and 


professional development leaders. : ; . 
That's where online resources become important. 


Scores of companies and institutions are providing 
certification for a wide range of skills, from .Net to 
Java to XML. Hiring and management leaders also 
want employees to gain certifications in such areas 


There are two very different needs in terms 
of ongoing learning. The first is business knowledge 
and expertise, which most universities are poised 
to provide. Suzanne Gordon, vice president 


of information technology at SAS Institute, 
says that in research and development 


and consulting, 


in computer science, 
Statistics or operations 
research. There also is a 
need for the cross section 


of business know-how with 


employees 
need advanced degrees 


technology — such as combining 

an information technology or 
computer science degree with in- 
depth knowledge of economics, 
financial services or the healthcare 


industry. Again, 


schools and 


universities are best poised to provide 

the advanced study that a_ technical 
professional needs to iead development and 
implementation of projects that respond to a 


specific business problem. 


as technology management, project management 
and security. 


“Education is just one piece,” stresses SAS’s 

Gordon. “Some people have an innate ability to 

manage projects and people. Others need to 

learn.” That's why she includes leadership in her 

list of learning priorities — bringing diverse 

people together to discuss a common situation 

or business problem, understanding the situation 

from a variety of angles, and then translating this 

into requirements that enable users and highly 
technical developers. 


For more information about IT Careers advertising, 
please contact: Nancy Percival 

Vice President, Recruitment Advertising 
800.762.2977 

500 Old Connecticut Path 

Framingham, MA 01701 

Produced by Carole R. Hedden 





Programmer Analyst. Sought by 
Englewood Colorado consulting 
company to work in various 
unanticipated locations through- 
out the U.S. Duties: Analyze, 
plan, develop, test and docu- 
ment computer programs includ- 
ing network communication pro- 
grams. Evaluate user requests 
and software program require- 
ments for new and modified pro- 
grams. Write specifications. 
code, test and debug computer 
programs. Customize hardware 
and software to client needs 
Use of Visual Basic, C++, ASP, 
ActiveX, HTML, SQL Server, 
VBScript Developer 2000 and 
Windows NT. Regs. Bachelor or 
equivalent in Computer Science, 
Computer Engineering, Engi- 
neering (any field) or related 
field of study. Plus 2 years in the 
job offered or 2 year in a related 
occupation, including Senior 
Software Engineer. $75,000/ 
year, 40/hrs/wk, 8AM-5PM 
Respond by resume to 
EMPLOYMENT PROGRAMS, 
PO Box 46547, Denver, CO 
80202, and refer to Job Order 
No. CO5061381 


SOFTWARE ENGINEER 
(Alameda County) to analyze, 
design & modify computer soft- 
ware for precision laser & GPS 
manufacturer selling into int'l 
civil engrg & construction indus- 
tries; create & analyze software 
for use in connection w/compa- 
ny's survey, machine control & 
laser products, utilizing C++, 
Visual C++, & CE o/s in 
Windows; implement user inter- 
faces in Windows desktop, CE 
PDA's & Embedded systems, & 
design user Help files & systems 
& generate user & product man- 
uals, utilizing MS Word, Adobe 
PageMaker or FrameMaker; 35 
hrs/wk. Must have Bach's in 

, MIS or Electrical 


TPS, Inc., Attn: C. Goad, 5758 
W. Las Positas Bivd, 
Pleasanton, CA 94588 & quote 
#12904 


OH IT Consulting Firm seeks 
Project Manager for the 
mgment/design/developmentiim 
plementation/upgrade/mainte- 
nance of mgmnt systems 
(CMMS); consult w/clients to 
determine client needs; assist 
w/contract negotiations and 
prep of client capital investment 
approval proposals; oversee 
implementation of new system, 
upgrade of maintenance to 
ensure the CMMS system is 
installed/running correctly. Min 
exp. Bachelor's in Mech Engin 
or equiv. and 3 years in job/job 
related exp. including working 
knowledge of MS Project, MS 
Business Professional swre, at 
least 1 Aerospace ERP sware 
maintenance pkg (ie. Avexus 
Impresa or Visaer) and previous 
consulting exp. Travel req 
Resumes to Boyle International 
Corporation, 7007 E. Sprague 
Rd., Independence, OH 44131. 
No calls. EOE 


Senior Business Analyst/ 
Programmer Assist health orga- 
nizations develop the steps to’ 
comply with the HIPAA, assess 
the current environment, provide 
recommendations for achieving 
HIPAA compliance within the 
required time frames, and pro- 
vide remediation assistance and 
training. Provide leadership and 
direction to project teams and 
client staff regarding HIPAA 
Privacy and Security. - 2 yr 
experience in using eXchange, 
eGate, elnsight for implementing 
EDI transaction/Experience in 
using system development life 
cycle methodology approach/ 
Experience with mainframe plat- 
form (COBOL, CICS, ADABAS, 
NATURAL VSAM, DB2 and 
JCL). Base Salary $65000 
Send application and resume 
to: LB Infosys. 1300 Edgewater 
Dr #306.Pierre, SD 57501 


Computerworld + InfoWorld + Network World + December 8, 2003 


Analyst/Project Programmer, 
Biomedical Information 


Develops appropriate computer} 
algorithms for data mining of 
advanced biological and chemi- 
cal research data for the purpos- 
es of developing Bioinformatics 
and statistical data output, which 
will be used for various human 
genetic research projects 
Reads and interprets research 
publications using basic princi- 
ples in genetics, molecular biol- 
Ogy and computational biology 
Uses SAS, S-Plus or SYSTAT in 
conjunction with Bio-PERL 
BLAST, UNIX, C++, and Fortran 
in performance of duties 
Requires Master's degree or 
completion of coursework for 
Master's degree in Computer 
Science, Computing, or Biology. 
Education to include completion 
of nine credit hours in 
Bioinformatics. Send resume 
no calls to: Medical College of 
Wisconsin, Attn: Employment 
Office JMC1208, 8701 
Watertown Plank Rd., 
Milwaukee, WI 53226, Fax: 414- 
456-6502 


Systems Analyst Analyzes 
user requirements, procedures, 
and problems to automate pro- 
cessing or to improve existing 
computer systems. Must be 
able to travel Bachelor's 
degree in computer science, 
engineering, or math-related 
and 2 yrs. experience required 
in job offered. Included in, and 
not in addition to, the 2 yrs. 
requirement, 2 yrs experience in 
JAVA (JOBC, BEANS, RMI), 
COBRA, JAVA Script, HTMS, 
ASP, CGI with Periand Oracle 
40 hrs per week, Mon-Fri, 9:00 
am - 5:00 pm; no overtime. 


Apply by resume only to Humar| 
Resources Coordinator, Capri- 
corn Systems, Inc. 3569 
Habersham at Northlake, Bui- 
ding K, Tucker, GA 30084 


Stanford Technology Partners 
Inc is an Information 
Technology consulting company 
with its clients across the USA 
We seek an UNIX Solaris 
System Administrator. Duties 
include systerns administration 
for global e-business retail 
exchange, scalability analysis 
and capacity planning, expertise 
on sun clustering with a strong 
focus on design and architec- 
ture, assist with transition to co- 
location environments, establish 
and maintain close working rela- 
tionships with application teams 
and users in the design, devel- 
opment, tuning, and problem 
resolution of systems, communi- 
cate effectively in meetings and 
discussions, maintain software 
license inventory and Perform 
emergency problem resolution 
If interested, please send 
resume to: Stanford Technology 
Partners Inc.289 Boston 
Turnpike Suite #6 Shrewsbury, 
MA 01545 e-mail 
recruiter@stpincusa.com 


Seeking qualified applicants for! 
the following positions in 
Orlando, FL: Senior Prog- 
rammer Analyst. Devise or 
modify procedures or perform 
systems/applications testing to 
solve complex problems consid- 
ering computer equipment 
capacity, limitations, operating 
time and form of desired results. 
Requirements Bachelor's 
degree* in computer science, 
MIS, engineering or related field 
plus 5 years of experience in 
systems/applications develop- 
ment and/or testing. Exper- 
ience with Unix and SQL also 
required. *Master's degree in 
appropriate field will offset 2 
years of general experience. 
Submit resumes to Sibi George, 
FedEx Corporate Services, 
1900 Summit Tower Bivd., Suite! 
1400, Orlando, FL 32810. EOE 
M/F/DIV 
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IT Careers 


Wants You! 


Take the hassle out of 


job searching and 


check us out at 


www.itcareers.com. 


Today, more than ever, 


the right skills fuel the 


new economy and IT 


|Careers wants you to be 


there. Check us out at: 


www.itcareers.com 








Software Engineer (2 positions) 
- Research, design and develop 
computer software systems in 
conjunction with hardware prod- 
uct development applying princi- 
ples and techniques of computer 
science, engineering and math- 
ematical analysis. Requires a 
Master in Computer Science 
Info Systems, Enginee 
Mathematics. Require: 

in job offered or 1-yr exp as 
Programmer Analyst, Systems 
Analyst Systems Engineer. 
Must have 1-yr exp using Active 
Server Pages and JavaScript 
Various unanticip 3 locations 
throughout the US. 5 day, 40 
hriwk, $ yr. Please mai 
resumes to Workforce Develop- 
ment Programs, PO Box 46547 
Denver, CO 80202 and refer to 


order number C 


find a 
aaeae 
with o 
hand tied 
ehind 


your | 
Just point your 
mouse to the 
world’s best 
IT careers site, 
powered by 
CareerJournal.com 


Find out 
more at: 
itcareers.com 
or call (800) 


762-2977 
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Software Co. Si, NY Seeks 
Sr & Jr 


Programmers w/following skills 


Project Leader 


for their medical div; VB x/.net 
embedded VB 3.0, SQL Server 
7/00, Oracle x, PL/SQL,ASP. 
Java, C++, lIS, Unix/Windows x 
& CE; Reqd Healthcare ind 
knowledge, BS in CS/Engg/Bus. 
Adm w/5 yrs exp. for sr level & 3 
yrs exp for jr. prgmrs in job offd 
Send resumes to HR, infinite 
Software Solutions, Inc., 303 
Bradley Avenue, Si, NY 10314 


Network Administrators needed 
Seeking qual. candidates pos- 
sessing BS or equiv. and/or re! 
work exp. Cisco Cert. Design 
Assoc. & Cert. Novell Engg 
certs. req'd, or in the alt., exp 
must include 1 yr. working 
w/Cisco & Novell NetWare. Fwd 
resume & ref. to: Attn: IT 
Manager, Associated Students 
SJSU, 1 Washington Sq., AS 
jouse, San Jose State Univ 


San Jose, CA 95192-0128 


Computer Professionals (pro- 
grammer, system analyst, soft- 
project engineers) want- 
by Bralak Technologies 
Candidates must have at least 
BS/MS degree. IT experience in 
C/C++, Oracle, SQL, VB J 
Web Technology is 
Please 


CDI, one of the largest staffing 
companies a multiple 


Good reference 
We of 


www.cdicorp.cc 


tions. 


Internet company seeks 
PhD Research Engineers 
responsible for innovative 
research. Interested appli- 
cants should send resumes 
to: K Wolfe; 1501 Salado 
Mt. View, CA 94043. Visit 


www.google.com for addi- 


tional information 


Computers-Seeking qualified 
for senior and mid- 
rofessional positions 

including: Programmer Analysts 

atabase nistrators, 


Qualified 
sess MS: 
work 
require 1 y 
nciude: Wor 
wing: SAP. ABAP. XML 


Oracle, C++ 


Petersburg 
HR@ID: 
didates 


be contacted. No calls. 


Looking for a new career? 


The new itcareers.com 


and CareersJournal.com 


combined jobs database 


can help you find one. 


Check us out at: 


www.itcareers.com 
or call: (800) 762-2977 


Computerworld + InfoWorld - Network World - December 8, 2003 


R Systems, Inc. is a global infor- 
mation technology services 
company and it has multiple Job 
openings for the following posi- 
tions at its corporate office in 
Sacramento as we! Project 
sites throug the 
United States 


+ Applications Programmer 
+ Database Analyst 
* Software Engineers 
+ Systems Analyst 
* Network Analyst 
T Project Managers 
Analyst 
gineer 
r Analyst 
anage 
base Administrators 
+ Market Research Analyst 


sirement: Bach 
ivalent and 

1 the job 

NS May involve 


roject sites 


Commerce applications 
degree in 


tion Specialist/Unix Adm- 

anted by shipping 

f co. in Tar FL 

degree 

g. or related 

3 yrs. exp. with 

technologies; 2 yrs 

n the Shipping industry; 2 

yrs., exp. in implementation of 

leb based (WWW) application 

chitecture and 1 yr. exp. with 

nix base middieware applica- 

tion such as LDAP and 

Application Servers. In lieu of a 

Bachelor's degree, we will 

accept an additional 2 yrs. of rel- 

evant exp. Refer to Job#JL2003 

Lykes Lines Limited, LLC (CP 

Ships), 401 East Jackson St 

Suite 3300, Tampa, Florida 
33602 





ENGINEERING 
Software Engineers in Lincroft 
NJ to design, develop, code, test 
and implement web applications 
for providing authorization 
authentication, delegated admin 
istration and secure seamless 
secure services 
pplications using 
lated Java technolo. 
jies JNDI & JMS 
TCP/IP and windows cket net- 


connection 


working technologies and com 
ponent development tools such 
as COM, COM+ and Java 
Beans in Solaris and Linux envi 
ronments; test web applications 
Visual Cafe skills and 
them on WebLogic 
cation Server 8.1 using 
J2EE technologies; Java and 
C/C++ programming languages 
to develop data communication 
and modem emulation software 
operating in Linux environments 
develop MS Outlook calendaring 
systems using CDO skills. BS in 
Comp. Sc. or Eng. 5 yr. post 
graduate progressively respon- 
sible work exp. as Software Eng 
For prompt consideration 
please submit your resume/CV 
with the following codes includ- 
ed: AD-COMPUTER/12295BR 
Avaya Inc. P.O. Box 549248 
Suite 188, Waltham, MA, 02454- 
9248. EOE 


ENGINEERING 
Software Engineers in Lincroft 
NJ to design, develop, code, test 
and implement web applications 
for providing authorization 
authentication, delegated adm 
inistration and secure seamless 
onnection for secure services 
platform applications using 
E and related Java technolo- 
gies (JDBC, JNDI & JMS) 
TCP/IP and windows socket net 
working technologies and com 
ponent development tools such 
as COM, COM+ and Java 
Beans in Solaris and Linux envi- 
ronments; test web applications 
using Visual Cafe skills and 
deploy them on WebLogic 
Application Server 8.1 using 
J2EE technologies; Java and 
+ programming languages 
to develop data communication 
and modem emulation software 
operating in Linux environments 
develop MS Outlook calendaring 
systems using CDO skills. BS in 
Comp. Sc. or Eng. 5 yr. post 
graduate progressively respon 
sible work exp. as Software Eng 
For prompt consideration 
please submit your resume/CV 
with the following codes includ- 
ed: AD-COMPUTER/12295BR 
Avaya Inc. P.O. Box 549248 
le 188, Waltham, MA, 02454 
9248. EOE 


omputer Programmer needed 
IT Development and 
ting Firm located in 
Cedar Rapids, IA. Job duties 
include: Work as part of a tearn 
under the close supervision of 
senior team members, team 
leader and/or project leader 
assists in the development 
installation and maintenance of 
large computer software appli- 
ations using: SAP, JAVA 
HTML, Weblogic. Applicant must 
have a Bachelors Degree in 
Computer Science, Mathe- 
matics or Engineering or foreign 
equivalency. Applicant must 
have 2 yrs exp. in SAP, JAVA 
HTML, Weblogic. Mon-Fri, 9:00 
am to 5:00 pm, $60,000.00/yr 
Must have proof of legal author- 
ity to work in the US. Send 
resume and cover letter to: lowa 
Workforce Center, 800 7th St 
SE, Cedar Rapids, IA 52406 
Please refer to Job Order 
1A1101820 Employer paid 
advertisement 


Laker baeleses 


Information Technology 


Systems 
Engineer 


Meredith Corporation seeks an 
experienced systems engineer 
to develop and support the inter- 
active technology architecture 
standards and directions 
Qualified candidate will have a 
minimum of 2 years internet 
technology and architecture 
experience with a familiarity in 
Java-based technologies, UML 
XML, Java, EJB and relational 
databases ATG Dynamo a 


plus 
Location: Des Moines, lowa 


Visit www.meredith.com for 
more information on this exciting 
Opportunity 


Send cover letter and resume to 
N. Rogers, Meredith Corp- 
oration, Staffing Services/Dept 
386, 1716 Locust St., Des 
Moi IA 50309-3023. Fax 
(515) 284-2958. EOE 


MAeredith 


COMPUTER 
Network Systems Administrators 
in Lincroft, New Jersey to plan 
design, configure, install and 
troubleshoot LAN/WAN as well 
as CRM and Siebel 2000, 7.0 
and 7.5 e-business applications 
operating in Windows, AIX 5.x 
Sun Solaris, UNIX and LINUX 
R&D lab environment; install 
integrate and administer MS 
SQL, Oracle and DB2 databas- 
es operating in multiple environ- 
ments; configure, install, admin- 
ister and troubleshoot MTS 
MSMQ, MS Exchange, MS 
Terminal, IS and Apache web 
servers; administer and trou- 
bleshoot Rational ClearCase 
Visual SourceSafe and reiated 
source control applications; and 
implement back-up strategies 
using Veritas, Microsoft and 
Acrserv tools MS in Comp 
Science or E ical Engin- 
eering. 3 yrs. exp. as Network 
Administrator or 
lems Engineer. Willing to 
foreign educational 
degree. Willing to accept BS in 
ring plus 5 yrs of post 
graduate progressively respon- 
sible work experience For 
prompt consideration, please 
submit your resume/CV with the 
following codes included: AD- 
COMPUTER/12341BR, Avaya 
Inc. P.O. Box 549248, Suite 188 
Waltham, MA, 02454-9248 
EOE 


Systems 


SENIOR SOFTWARE ENGI- 
NEER to lead a team in the 
design, development, testing 
and implementation of applica- 
tion software using Oracle 
Applications (Financials, Pro- 
jects, Internet Procurement 
HRMS) Oracle Designer. 
Oracle Discoverer, ADI, PL/SQL 
SQL Loader, Data Loader, SQL 
Navigator/Toad, PERL, and 
Shell Scripts on UNIX and 
Windows 2000/NT operating 
systems; Supervise and men- 
tor junior programmers and 
engineers. Require: Bachelor's 
degree in Computer Science, an 
Engineering discipline, of a 
closely related field with five 
years of progressively respons 

ble experience in the job offered 
or as a Software Consultant 

Programmer Analyst. Exten- 
sive travel on assignment to var- 
ious client sites within the U.S. is 
required. Competitive Salary 
Offered. Send resume to: Fred 
Thomas President Elite 
Information Systems, Inc., 2021 
Art Museum Drive, Suite 110. 
Jacksonville, FL 32207; Attn 
Job NY. 


Knowledge Mgmt Proj Consultant 
- Partner w/customers to investi- 
gate & analyze info, knwidg & col- 
laboration reqts to improve ability 
to leverage info & knwidg to inter- 
nal & external orgs. Determine & 
scope alternative solutions & 
related benefits to meet needs. 
Req. MBA & 5 yrs exp in job 
offered or 5 yrs exp consulting in 
knwidg mgmt. Bkgd in educ 

train’g or exp must incl proj mgmt 
methodology, sales & mktg exp in 
electronic publishing or info solu- 
tions; competitive intelligence 
exp managing or dev'g info 
knwidg, collaborative & e-iearn 

ing solutions. Specific exp should 
incl external consulting to variety 
of clients & dev'g/delivery of inno- 
vative solutions for info & knwidg 
mgmt incl acquisition of external 
content. Solutions should include 
web-based intranets or portals 
search engines, content sourc 

ing; collaborative, expertise & e 

learning tech. Must have ability to 
comm & negotiate at all levels 
both internal & external to org 
(e.g. vendors); 40 hrs/wk; salary 
commens w/exp. Resumes to IT 
Careers, 500 Old Conn Path 
Framingham, MA 01701, Box # 
4868 


Senior Programmer/Analyst 
Analyzes, tests, modifies, and 
maintains customized computer 
applications in multiple operat- 
ing system client/server environ- 
ment according to user require- 
ments and procedures using 
Java/J2EE XML C/C++ 
Oracle, BC4J, Weblogic and 
WebSphere Formulates pro- 
gram and system design proce- 
dures, test plans, and program 
development specifications 
Prepares technical documenta- 
tion. May serve as team leader 
Must have BS or equivalent in 
CS/CA/Math/Engineering or 
related. Must have 2 yrs exp. in 
job offered or in software devel- 
opment with C++ J2EE 
Weblogic & WebSphere. Will 
accept a foreign degree evaluat- 
ed by a recognized authority as 
equivalent to a _ bachelor's 
degree. Must be willing to be 
assigned to unanticipated client 
sites throughout the State of 
Maine. Salary: $82.000/ yr. Hrs: 
8:00am-5:00pm, 40/wk. Please 
send 2 copies of resume to 
Bureau of Labor Standards, 45 
State House Station, Augusta 
Maine, 04333-0045 Please refer 
to Job Order #42750 for 
Programmer/ Analyst 


We seek exp'd IT professionals 
with min. 2 yrs. exp. using 
HP9000, Peoplesoft 8.4 Tools 
PS Internet Architecture, Super 
C, SQA Suite, Object Security, 
SQR, etc. B.S C/S or Eng’g or 
Elect & Comm. reqd. Send 
resume only to Paramount 
Software Solutions, Inc., 3350 
Riverwood Pkwy. 


Atlanta, GA 30339. 


N-Gen Communications Serv- 
ices, Inc seeks the services of IT 
professionals with min. 2 yrs 
exp. using at least the following 
skills: OOAD using UML 
Modeling, Rational Tools, J2EE 
Tech Service Oriented 
Architecture and Web Services 
Technologies, etc. Candidates 
must have B.S. or M.S. in C/S or 
Eng'g. Please send resumes to 
P.O. Box 78856, Chariotte, NC 
28271 


IT\careers.com 


Medical Imaging Software 
Engineer - Must have M.S. in 
Computer Science or Bio- 
medical Engineering. To partici- 
pate in the research and devel- 
opment work of the company's 
new 3D image display product 
Computed Tomography Laser 
Breast Imaging System (CTLM) 
Will be responsible for creating 
an interface software which will 
integrate functions of scanner 
control, signa! acquisition, image 
reconstruction, and patient data- 
base. Will have the additional 
responsibility of ensuring that all 
products are DICOM compati- 
ble, developing software for the 
Company's medical device 
product, developing utility pro- 
grams and tools to support other 
software engineers, and devel- 
oping documentation as per the 
Company's software develop- 
ment methodology. Must be 
familiar with C++, API and SQL 
Must have 1 year of image pro- 
cessing experience or gaming 
experience in the medical indus- 
try. Qualified candidates must 
send resumes to Imaging 
Diagnostic Systems, Inc, Trishia 
Firth, H.R. Manager, 6531 NW 
18th Court, Plantation, FL 
33313 


Programmer/Analyst needed for 
Software Development, Serv- 
ices & BPO firm located in 
Burlington, VT. Job duties 
include: Analyze, design, devel- 
op, code, implement and test 
computer software applica- 
tions/systems for clients located 
throughout the U.S. using 
Unified Modeling Language 
(UML) through Rational Rose 
Toad/SQL+ and Oracle in a 
Windows environment. Appli- 
cant must have B.S. degree in 
Computer Science, Business 
Mathematics or Engineering 
Applicant must also have 2 yrs 
exp. in the job duties described 
above or in any computer relat- 
ed occupation which includes 
the skills listed above. 40hrs, 
wk, 9:00am - 5:00pm, M-F, 
$60,000/yr. Send resumes to 
Job No. 607940, P.O. Box 488 
Montpelier, VT 05601-0488 


PROGRAMMER/ANALYST (2 
positions) to analyze, design 
develop, implement and test 
application software using 
Oracle, Developer 2000, Visual 
Basic, SQL, PL/SQL, SQR, C 
C++, Perl, CGI, Shell Scripting 
Java, JSP, Serviets and EJB on 
UNIX and Windows platforms 
Require B.S degree in 
Computer Science, an Engin- 
eering discipline, or a_ closely 
related field with two years of 
experience in the job offered or 
as a Programmer. Extensive 
travel on assignments to various 
client sites within the U.S. is 
required. Competitive salary 
offered. Apply by resume to: 
Sudhakara Ravoori Sai 
Technical Services, Inc., 626 
Wendover Drive, Ridgeland, MS 
39157; Attn: Job SA 


Support Engineer (Boston) 
Requirements Bachelors 
degree + 2yrs exp in OS sup- 
port, productivity apps, TCP/IP, 
networking & printing. Duties 
Administer WINNT svrs & work- 
stations (LAN/WAN) using SMS 
management tools. Develop & 
maintain automation scripts in 
Batsh & Visual Basic; MS 
Access databases for client sup- 
port; Intranet-based knowledge 
bases in HTML & Java. Assist w 
developing, deploying, user 
training & troubleshooting 
Report on network status & user 
satisfaction. Relocation within 
USA possible. Attractive comp 
pkg. Resumes to Susan 
Labandibar, Computer Ware- 
house Associates 574 
Dorchester Ave., S. Boston, MA 
02127 


IT Careers 

COMSYS is an established IT 
consulting firm that serves lead- 
ing corporations including 174 of 
the Fortune 500. With COM- 
SYS, you get: Extensive 
Benefits, Additional Compen- 
sation for referrals and 
Professional Challenges with 
training and assignments to 
keep you at the forefront of tech- 
nology. With 30 offices, we need 
the services of experienced con- 
sultants across the US: 


* Computer Programmers 
+ Programmer Analysts 

* Systems Analyst 

* Software Engineers 

+ User Support Specialists 
+ DBA's 

+ Business Analysts 

* Project Leaders 


Submit resume to 
COMSYS 
3030 LBJ Freeway 
Suite 905 
Dallas, TX 75234 
www.comsys.com 
Fax: 972-960-0914 
EOE/M/F/DV 


Systems Analyst needed for 
Software Development, Serv- 
ices & BPO firm located in 
Burlington, VT. Job duties 
include: Analyze, design, devel- 
op, code, implement and test 
computer software applica- 
tions/systems for clients located 
throughout the east coast. Will 
use JAM (JYACC APPLICA- 
TION MANAGER). JAVA C 
POWERBUILDER, SYBASE 
and SYBASE REPLICATION 
SERVER on both Windows and 
UNIX platforms. Applicant must 
have B.S. degree in Computer 
Science, Business, Mathematics 
or Engineering. Applicant must 
also have 2 yrs. exp. in the job 
duties described above or in any 
computer related occupation 
which includes skills listed 
above 40hrs/wk, 9:00am- 
5:00pm, Mon-Fri, $65,000/yr. 
Send resumes to Job No 
607992 P.O Box 488 
Montpelier, VT 05601-0488 


We have various openings for 
Programmer Analysts posi- 
tions: Develop web based appli- 
cations using IDE, tools used 
SQL & PL/SQL or Development 
of applications in Clearcase 
tools used: Java, C++, Perl 
CVS or Programming using 
Oracle database, tools used 
Oracle Warehouse Builder 
Informatica Min Edu-BS_ in 
Comp.Sc./Engg or equi, Min 
Exp-2 yrs. Software Engineers- 
Design, develop and implemerit 
software systems, tools used: C 
C++, Assembly, Java. Min Exp 6 
yrs Financial Analysts- 
Analyze using Oracle Database 
tools used: Oracle Warehouse 
Builder, Informatica Min Edu-BS 
in Finance or equi, Min Exp-2 
yrs. Job may involve working at 
various locations throughout the 
US. Please send resumes to 
Attn: HR, Tekessence Inc . 1001 
Office Park Road, Suite #107 
West Des Moines, IOWA 50265 
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Business Objects has an open- 
ing for the position of Sr 
Consultant to be based out of 
our Atlanta, GA office. The posi- 
tion requires a Bachelor's or for- 
eign degree equivalent in 
Computer Science, Mechanical 
Engineering, or related, plus 
seven (7) years’ experience as a 
Software Analyst in Systems: 

Administration or 

Experience must 

Business Objects 
including Foundation Architect 
and Administrator 2. Unix 
Administration, and 3. Business 
Objects Webintelligence Archi- 
tect and Administrator. To apply 
for a position, visit our website at 
www.businessobjects.com/careers 
or forward your resume (ref 
CW1203) to: Business Objects 
Americas, Attn: Staffing, 3030 
Orchard Pkwy, San Jose, CA 
95134. EOE 


Database Administrator. 
Rutland, VT & various unantici- 
pated client locations: Admin- 
ister & coordinate custom 
Oracle database on RAC; Data 
replication, Data Mining, monitor 
& tune performance in_ internal 
& external database in Oracle & 
Unix environment. Physical & 
logical database design. Deter- 
mine impact of database 
changes on network & refine 
changes in whole cycle project 
to implement security measures 
& transformation using JBoss 
LDAP, XML, XSLT & Warehouse 
Builder. Req. Bachelor's in 
Computer science or Engin- 
eering or Maths or MIS+2 yrs 
exp in job offered. Sal 
$54,000/yr - 40 hrs/wk, Send 
resume to: Attn: Job No 
607997 P.O Box 488 
Montpelier, VT 05601-0488 


We seek exp'd IT professionals 
& Functional Business Cons- 
ultants / Analysts with min. 2 yrs 
exp. in business modeling, inter- 
active applications, etc. using 
Aviant 4GL, Cognos utilities, 
Informatica 4.7 Business 
Objects Tech., OWB, Oracle 
8i/9i, etc. B.S C/S, Bus. Admin 
or MIS or Economics reqd. Send 
resumes only to Paramount 
Software Solutions, Inc., 3350 
Riverwood Pkwy., Ste 1900 
Atlanta, GA 30339. 


Senior Web Support Prog- 
rammer for International 
Company in Boston Metro- 
politan area. Skill requirements 
to include; Java, Javascript and 
JSP programming languages 
and two years of experience 
with the Windows NT and / or 
Sun Solaris operating systems 
Experience in hotel industry pre- 
ferred Forward resumes to 
Starwood Hotels & Resorts 
Worldwide, Inc., Department of 
Human Resources 1515 
Washington Street, Braintree 
Massachusetts 02148 or by fax 
to (781) 380 0427 
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Microsoft Loosens Policy 
On Intellectual Property 


growth and development of 
the broader IT industry,” he 
said. “Microsoft is committed 
to licensing its intellectual 
property on clear, commer- 
cially reasonable terms based 
on industry norms.” 


lyst, called the new policy an | 
“important first step” for Mi- 
crosoft, as the industry’s most 
notorious proponent of pro- 
prietary technology edges to- 
ward a more open approach to 
product development. 

“Traditionally, Microsoft 

has been very guarded about 
| its [intellectual property]. Its 
approach has been to try to 
differentiate itself from others 
| with [it],” he said. “I think 
| what you’re really seeing here 
as much as anything is evi- 
dence of the changes going on 
within Microsoft.” 

Anything in Microsoft’s 
portfolio is potentially avail- 
able for licensing, Smith said. 
“Access to and exchange of 
mats and schema, software intellectual property is really 
technology, and Microsoft- essential to the continued 


Says anything in its 
portfolio could be 
available for licensing 
BY STACY COWLEY 
ICROSOFT CORP 
last week un- 
veiled a new tech- 
nology-licensing 
policy that it said signals its 
commitment to working with 
other vendors on intellectual 
property swaps and is intend- 
ed to drive interoperability 
and innovation. 

Microsoft will create licens- 
ing programs to offer access to 
a broad range of its intellectu- 
al property, including copy- 
rights, trademarks, file for- 


Windows APIs in Demand 
Although Microsoft owns a 
vast array of intellectual prop- 
erty, the technologies other de- 
velopers most often clamor for 
are those associated with its 
Windows operating system 
and Office applications suite. 
Microsoft allows limited access 
to information on those prod- 
ucts’ underpinnings through 
initiatives such as its tightly 
controlled shared-source pro- 
gram. Executives were guarded 
about how extensively the 
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company might consider ex- 
panding its Windows- and 
Office-related licensing. 
“We're aware of the API is- 
sue,” said David Kaefer, Micro- 
soft’s director of business strat- 
egy for intellectual property. 
“We'd like to improve informa- 
tion about the APIs that are al- 
ready available, and then we 
need to see what people say. 
Clearly, to the extent that peo- 
ple are still asking questions 
about them, there’s interest.” 
Microsoft has been working 
for nearly a year on develop- 


www.computerworld.com 


ing a clearer intellectual prop- 
erty policy, Smith said, point- 
ing to the company’s recent 
hiring of Deputy General 
Counsel Marshall Phelps as a 
sign of its commitment to ex- 
panding licensing. Phelps will 
manage Microsoft’s intellectu- 
al property portfolio and field 
requests for access. 

Although Microsoft will 
charge for some of its licens- 
ing arrangements, the compa- 
ny doesn’t expect the new pro- 
grams to generate significant 
revenue. “That’s not why 
we're doing this,” Smith said. 

Wilcox said he sees the new 
licensing approach as a sincere 
effort by Microsoft to play 
nicely with others in the indus- 
try. Steve Ballmer, now almost 
four years into his tenure as 
Microsoft’s CEO, is more inter- 
ested in industry collaboration 
than was his predecessor, Bill 
Gates, Wilcox said. @ 43342 
Cowley writes for the IDG 
News Service. 





developed standards specifi- ss 
cations. The company also in- 
troduced programs offering 
technology and patent licens- 
es for its ClearType technolo- 
gy for improving the readabili- 
ty of text on LCDs, and for its 
FAT (File Allocation Table) 
file-system storage format. 

Some of the licensing pro- 
grams will be royalty-free, like 
the Office XML schemas Mi- 
crosoft began offering develop- 
ers last month, executives said. 
Others, like its ClearType and 
FAT programs, will carry fees. 

Microsoft's new licensing 
approach is unrelated to its 
antitrust settlement agree- 
ment with the U.S. Depart- 
ment of Justice and its ongo- 
ing skirmish over the same is- 
sue with the European Com- 
mission, according to Brad 
Smith, the company’s general 
counsel. “We felt it was impor- 
tant to take this step, based on 
our strong dialogues with a 
number of other companies in 
our industry,” Smith said. 

Joe Wilcox, a Washington- 
based Jupiter Research ana- 


panies running 1,000 or more 
desktops could scrap as many 
as half of their existing desk- 
top systems in favor of thin 
clients. HP believes a dedicat- 
ed blade will offer consistent 
levels of performance, ad- 
dressing a key concern some 
users have had about sever- 
based thin clients, he said. 

Officials at Austin-based 
ClearCube Technology Inc., 
which sells a PC blade system 
that uses Pentium 4 chips, 
said that more than 500 cus- 
tomers have adopted its sys- 
tems. HP’s decision to com- 
pete in the PC blade market 
“validates this whole PC blade 
computing category,” said Raj 
Shah, ClearCube’s chief mar- 
keting officer. 

The U.S. Air Force’s security 
forces headquarters at Lack- 
land Air Force Base in San An- 
tonio recently adopted PC 
blades from ClearCube after 
looking at a number of server- 
based thin clients. Senior net- 
work engineer Rick Johnsen 


Continued from page 1 


HP Blades 


larger and larger systems with 
the same amount of techni- 
cians,” Norby said. 

Likely desktop replacement 
candidates are users who pri- 
marily use Windows and Of- 
fice and who don’t have a lot 
of custom applications run- 
ning on their systems. 

Although notebook users 

tend to be outside of the target 
| market for thin clients, those 
who typically use their note- 
books when connected re- 
motely to a network can use 
them to connect to a blade. 

The strongest candidates 
for PC blades are IT shops 
that have already “maxed out 
on how much improvement 
they can get out of their tradi- 
tional desktops,” said Jeff 
Groudan, vice president of 
product marketing in HP’s 
Personal Systems Group. 

Groudan claimed that com- 











said the blades provide a desk- 
top experience that’s indistin- 
guishable from that of a fully 
loaded desktop PC. Moreover, 
the server-based options typi- 
cally required additional train- 
ing and didn’t necessarily sup- 
port peripherals such as card 
readers, he added. 

Improved security over tra- 
ditional desktop PCs is a major 
reason why military and in- 
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telligence groups have been 
early adopters of thin-client 
architectures, analysts say. 
And it’s a need that may also 
drive private-sector businesses 
that are struggling with patch 
management to look more 
closely at thin clients. 

Security “was big for us,” 
said Johnsen. “What really sold 
us was the ability to manage 
the computers centrally.” 

Although HP sees a large 
potential for its PC blades, 
the reality is that thin-client 
systems, most of which are 
server-based, constitute only 
1% of PC shipments. Market 
research firm IDC estimates 
2003 thin-client shipments 
at 1.45 million units and fore- 
casts 20% annual growth to 
3.3 million units by 2007. 

IDC analyst Bob O’Donnell 
said HP’s move raises the pro- 
file of an industry sector dom- 
inated by small companies. 
“The thin-client industry 
needs a big player like HP 
behind it,” he said. @ 43336 
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‘Talk Is Cheap 


ORE THAN 300 IT executives were at the National 
Cyber Security Summit last week (see story, page 1). 
About 97% of them were from IT vendors. What 
they got from Homeland Security Secretary Tom 
Ridge was jawboning about how the industry has to 
do more to secure cyberspace or else they just might be subject to 


government regulation. 


Let’s translate that: There won’t be regulation anytime soon. Com- 
panies that aren’t IT vendors aren’t players in this game. And if your 
company wants better IT security, you’re on your own. 


Does that sound like a cynical assessment? 
It’s not. A year after the first drafts of “The Na- 
tional Strategy to Secure Cyberspace” began 
circulating, we have a pretty clear picture of 
what the U.S. government is and isn’t willing to 
do to beef up IT security, both in products and 
on the Internet. 

The feds are willing to do a lot of encourag- 
ing. They’re not willing to do much enforcing. 

Compare that with what the feds have man- 
dated for non-IT security: the airport check- 
points, the special registration programs for 
foreign nationals, the increased surveillance, 
the gun-toting guards. Whatever the effective- 
ness of these efforts, there’s no doubt that the 
government is willing to take a strong hand 
when it comes to physical security. 


Or compare it with what was mandated in the 


face of Y2k: corporate disclosure of the risks 
and costs of Y2k in financial statements filed 
with the Securities and Exchange Commission. 

Real concern translates into action. But we’re 
not getting that when it comes to cybersecurity. 
What we’re getting is just a lot of talk. 

There’s nothing wrong with Ridge talking 
about the cybersecurity problem. It raises 
awareness. It encourages people to 
kick around ideas. It signals that cy- 
bersecurity hasn’t completely fallen 
off the radar. 

But a serious, active cybersecuri- 
ty push? It won’t happen. 

In fact, we aren’t even likely to 
see the U.S. government use its for- 
midable IT purchasing power to 
goose vendors along toward better 
security. In government IT, as in the 
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And in practice, neither the government nor 
IT vendors even want to hear from corporate 
IT about security. So we are truly on our own. 

What can we do? The usual, of course: beef 
up patch regimens. Test proactively. Turn on 
security features. Turn off other features that 
aren’t needed. Encrypt. Subnet. Limit trust be- 
tween machines wherever possible. Check logs 
at every level, from intrusion-detection systems 
down to individual users’ PCs. 

Then begin making a plan to transition to IP 
Version 6 — one of the few clear action items 
on the government’s agenda. 

And then take a page from the government’s 
playbook. As long as all we’re getting from the 
feds is a lot of talk, use that talk. Make sure 
your top brass hear about last week’s talkfest. 
Pull down a copy of “The National Strategy to 
Secure Cyberspace” from www.whitehouse.gov/ 
pcipb. Circle the scary parts. Start laying the 
groundwork for a bigger security budget re- 
quest in the next budget cycle. 

Talk up security with non-IT managers. Un- 
derline the problem. Raise awareness. Ask for 
suggestions. Find out what it will take to get 
users to support security policies instead of 

y fighting them 

Then politic the heck out of your 
successes when you stop viruses, 
worms, intrusions and denial-of- 
service attacks. Let users and man- 
agement know that the threats are 
there and that you can stop them 
— when you have help from users 
and the necessary resources in 
your budget. 

It’s not the same as having the 
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The Old Light Bulb Problem 

Why didn't the generators kick in during the latest 
power outage? wonders sysadmin pilot fish. The an- 
swer: A maintenance worker changing a fluorescent 
light bulb in the computer room accidentally tripped 
the emergency power-off switch when he pushed a 
box against it. “Because the switch is designed to be 
used in an emergency such as fire, injury or flood, the 
UPS system was not activated,” fish sighs. “And this is 
our company's disaster-recovery hot site.” 
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department - although 
he’s not sure they'll 
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? fish can’t generate all 

: the reports requested by 
: users, so his boss offers 
? to pitch in using a Win- 

: writer. “I should be able 
: to figure this out,” boss 
; tells fish. “I used to 

: teach Cobol.” Two 

? weeks later, the boss 

: hasn't written a single 

; report, fish says. “But 

: she did schedule one of 
: the help desk analysts to 
: attend training for the 

; reporting software.” 


_ A Matter of Taste 
: Vendor pilot fish is work- 
: ing with a new engineer, 
: installing the product for 
: a big customer, when 

: the CD with the software 
? doesn’t seem to work. 

: Did you bring a backup? 
i fish asks, “No, but I'll 

: get this one off,” engi- 

: “I knew | was in big 

? trouble when - with sev- 
: eral of the customer's IT 
} bigwigs surrounding us ~ 
: he removed the CD, 

; licked it profusely and 

: put it back. { called the 
: home office to FTP me 
: what | needed ~ and re- 
; quested a new engineer 
? for my team when we 


FEED THE SHARK! Send your true tales of IT life to 
sharky@computerworld.com. You snag a snazzy 


private sector, cost is an issue — it’s 
often the issue. And the lowest bid 
will always have an advantage over 
improved security. 


FRANK HAYES, Computer- 


world's seniot news columnist, 


has covered IT for more than 


20 years. Contact him at 


full, active support of the U.S. gov- 
ernment and IT vendors in secur- 
ing cyberspace. But for now, it’s all 
you're going to get. @ 43293 





Shark shirt if we use it. And check out the daily feed, browse 
the Sharkives and sign up for Shark Tank home delivery at 
computerworld.com/sharky. 





Join Us to Map 
the Future of IT 


Strategic problem-solving and peer networking with the nation’s IT leaders 


Conference sessions will cover these critical areas: 
¢ Extending Data Management, Enterprise Integration and Web Services 


¢ Creating a Next-Generation Infrastructure, Reducing Complexity 
and Enhancing Business Value 


¢ Charting New Directions in IT Governance, Regulatory Compliance 
and Project Leadership 


¢ Advancing Security and Business Continuity 


Computerworld’s Premier 100 IT Leaders Conference is a dramatically different, high 
impact executive event. Now in its Sth year, this annual conference brings together 
hundreds of senior IT executives for a compelling series of high-level discussion panels, 
presentations and peer networking acti 


The Premier 100 IT Leaders for 2004 will be announced and profiled in our January 5, 
2004, issue of Computerworld and honored during a special ceremony at the March 7-9, 
2004, conference. Rich with peer advice and real-world case studies, the conference 
content is built directly from user feedback provided by the honorees themselves. Our 
editors design a no-nonsense agenda that features Premier 100 honorees and other IT 
leaders focusing exclusively on top-of-mind issues and concerns of senior IT management. 
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Exchange Innovative Ideas and 
Strategies with Computerworld’s 


Premier 100 IT Leaders who are: 


¢ Extending Data Management, Enterprise Integration 
& Web Services 


¢ Creating a Next-Generation Infrastructure, 
Reducing Complexity and Enhancing Business Value 


¢ Charting New Directions in IT Governance, 
Regulatory Compliance & Project Leadership 


¢ Advancing Security & Business Continuity 


WHY YOU SHOULD ATTEND 


Are you responsible for mapping the future of your organization's informa- 
tion technology? Want to exchange innovative ideas and strategies with 
other top IT executives? Then attend Computerworld’s Premier 100 IT 
Leaders Conference, the ONLY conference where you can hear from - and 
network with - Computerworld’s Premier 100 IT Leaders. 


WHO ARE THE PREMIER 100? 


They are a unique set of award winning IT executives with valuable lessons 
to share and advice to offer YOU. They are technologists who understand 
business needs, take calculated risks and lead through innovation. They are 
ClOs, vice presidents of IT, directors of IT and business managers honored 
as Computerworld’s Premier 100 from a wide swath of vertical industries. 
When you attend this unique conference, you will hear proven examples of 
how these IT Leaders have advanced their organizations through innovative 
leadership and proven strategies. 


WHAT IS UNIQUE? 


Crafted by Computerworld editors, this conference offers a radical depar- 
ture from the standard IT event. With a focus on great ideas, best practices 
and real applications of IT strategy, you gain direct insight from leading user 
organizations. The major sessions provide highly interactive, entertaining 
discussions with IT Leaders and industry experts - each moderated by 
Computerworld editors in a town-hall meeting format. Key topics center on 
the intersection of technology and business in areas critically important to 
today’s IT manager. 
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Mapping the F 


Monday Keynote Address: 
" From IT Expense to IT Value 








crated anew value agenda for iT within th sean fuming an adversarial relationship with the business side 
partnership, leading a massive outsourcing operation and managing demand for technology services in ways that elimi- 
nated $50 million in exp As one of the earliest of IBM's “Computing on Demand” custom 2002, Salow transi- 
tioned more than 32,000 employees markets to IBM and crafted a similar but smaller de AT&T for nety 
services. The end result is a far more flexible IT infrastructure that responds swiftly to business 
address, Salow will talk about recasting IT from a cr nter to a value producer, and how IT leaders wi 
delivering value will build the best futures for their own companies. 


























Tuesday Keynote Address 
David Bauer, First Vice President and Chief Information Security & 
Privacy Officer, Merrill Lynch 


The Once and Future Infrastructure: 
An Enterprise Reality Check 
Panel Moderator: Patrick Thibodeau, Senior Reporter, Computerworld 


of utility “pay as you go 


IT leaders are inundated with vendor pitches for auton 
y prise? Upgrad 


col —— but how well do these 












demand,” and various forms 

ch the actual needs of tt 
ny companies today, C 
onsolidation, blades and 















This s pane | of expe 
1s and problem-solvini 


of flex bil ity and 
these tough questions as they talk about their strategies, 
and future” infrastructure primed for business growth. 












Evaluating Infrastructure Renewal Through Scenario- 
Based Decision-Making 


Brian Leinbach, SVP of Operations, Delta Technology, Inc. (a unit of 
Delta Air Lines) 
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Riding a Tidal Wave of Change: Data Management, 
Enterprise Integration and Web Services 
Panel Moderator: Don Tennant, News Editor, Computerworld 
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merging. ticular, hold the potential to enable c: 
tware technolc ch as Sun's J2EE and Microsoft's .Net) more effectively, 
ions faster, an grate legacy and Web applications more gracefully. Yet questic 
ppery standard: lianc inue to plague Web services. The 
is especially visible hain, in its wireless strategies and in business intelligence 
efforts. This panel will deliver a lively exchange of experience and advice on the key i surrounding enter 
prise integration, including the skill set and cost challenges driving many companies to outsource development 


Steal This Great Idea: Audience Participation and Working Session 
Moderators: Maryfran Johnson, Editor in Chief, Computerworld, and Mark 
Hall, Opinions Editor/Columnist, Computerworld 
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PRE-CONFERENCE GOLF OUTING: Sponsored by: 
March 7th, 12:00pm The Value of Trast™ 


The Pre-Conference Golf Outing at The Palm Course 
at the JW Marriot Desert Springs, is complimentary 
(165 value) for registered IT End-Users. (Other partici- 
pants, including sponsors and vendors, may play on an 
“as available” basis and are responsible for all 
applicable golf expenses.) 


_ For deta: contact Chis Leger a 508-820-8277 
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Visit www.premier100.com/cwt for an up-to-the-minute agenda 


Project Disasters: How to Predict Them, Prevent 
Them or Pull the Plug on Them 


Paul Glen, President of C2 Consulting, Computerworld Management 
Columnist and Author of “Leading Geeks” 
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Breakfast Address: Homeland Security: 
Public/Private Partnerships & The Cost of Failure 


Dan Verton, Senior Reporter, Computerworld, and author of “Black 
™ Ice: The Invisible Threat of Cyber Terrorism” 
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The Myth of Corporate Security: Why ClOs are Mad as 
Hell and not Going to Take it Anymore 
Alan Paller, Executive Director of Research, SANS Institute 
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No More Excuses: Responding to the Demands of Data 
Privacy Laws, Regulatory Compliance and Other Business 
Mandates on Corporate IT Security 


Panel Moderator: Dan Verton, Senior Reporter, Computerworld, and author of 
“Black Ice: The Invisible Threat of Cyber Terrorism” 
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“Best t in n Claes" Project Leadership Lightning Round 
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7 HOTEL RESERVATIONS 


<i 106 Travels the ofc tavel company forthe Comnuterwoté reir 10 fF 2a 


Talent region eRe ee ee 
Toreserve a hotel room, please visit 
www.etcentral.com 


You can also cal! our Conference Housing line at - 
1-800-340-2262 


Future of IT: March 7-9, 2004 





Seiling Security to Your Beady-Eyed, Bean-Counting CFO 
Doug Lewis, President, The Edge Consulting Group, Atlanta, 
and former CIO, InterContinental Hotels Group 
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" IT Governance, Risk Management and the Future 
] of the IT Organization 
Panel Moderator: Julia King, National Correspondent, Computerworld 
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acne: Human iui The Magic of Creative 
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Moshe Rubinstein, UCLA Distinguished Engineering Professor, and 
author of “The Minding Organization” 
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Mobilize for Innovation 
Thornton May, Futurist and Computerworld Columnist 
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Solve My Problem: A Town Hall Meeting on Risk 
Management and Project Leadership 


Gala Evening: “Best in Class” Awards Ceremony, Dinner, 
Honoree Recognition and Entertainment 


How to Ruin Your Life 


Ben Stein, Author, Humorist, Lawyer, Economist, 
» Actor and Educator 
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Registration Rates 
IT End-User:* 


after January 26, 2004 


$1,795 









yn or to register, visit www.premier100.com/cwt or call 1-800-883-9090. 
complete and fax/mail.the registration application on the reverse. 

























































IT End-User’ Application for Conference Registration 


5th Registration questions? Please call 1-800-883-9090 or Email: plO0reg@computerworld.com 
Annual Visit our website at: www.premier100.com/cwt 


COMPUTERWORLD =| Options: 


Earlybird Full/On-Site 
Registration Registration 


ITEnd-User* —_ $1495 ~=—s« 81,795 ~~ 
Non-Sponsoring Vendor:** $5,000 0 $5,000 


IT LEADERS 
CONFERENCE 


March 7-9, 2004 


JW Marriott Desert 
Springs Resort 
Palm Desert, California Reserve your accommodations at: www.etcentral.com 


ation of what con 


Questions about accommodations? 
Please Call 1-800-340-2262 or Email: eventhousing@idg.com 


Registration Information: (This section must be completed in order to process your application) 





FirstName: ee erat ary ____—_-sdMiddle Initia: == —s LastName: __ 
ae Fe 7 ; se Wa ao eS ge ee agile : 7 


Street Address: _ Se a eae ______ Suite, Apt., etc 


i ; — oe _sState/Prov:  —~—“CSCSC‘«Zisp/Prostal Code: 


Ci 
Country, Ss Phone Number: _____ Extension:__ 


Fax Number: ala atin. =m _—-—sC#E-Mail Address: 


L) Special Services Required? (Pie 
Would you like to receive information about the golf outing on Sunday, March 7th? (Yes CJNo 


Attendee Profile: (This section must be completed in order to process your application) Payment Method 


ob title/function What is your organization's most missior () Check (checks must be received by February 16, 2004 payable to 
)0/Chairman/President critical development/Implementation Computerworld) 
Poe eee raha Mail to: Computerworld, Attn: Pam Malingowski, 500 Old Connecticut Path 
ee Framingham, MA 01701 
(American Express (2 VISA () MasterCard 


Account Number 


he one item that best ¢ 
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Wwolvemer Expiration Date: 


your entire organization? 
$10 B 


$1 Billion - $9.9 B Card Holder Name 


Signature of Card Holder 
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Cancellation Policy cai ot: quire w 
In the event of cancellation, the registrant has three options 


Coo 


He or she may substitute another attendee for this conference 
He or she may transfer this registration to Computerworld’s 2005 Premier 100 IT 
Leaders conference 

3) The registration fee will be refunded, less a $250 service charge, if written 
Notice is received by February 16, 2004 
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Please send cancellation requests via email to p100reg@computerworld.com 
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to be the same server. 


AMD = 


The AMD Opteron processor, superior 32-bit performance with expanded 64-bit capability. 
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It’s the only server processor designed to run your 32- and 64-bit applications simultaneously and without compromise. 
AMD Opteron runs on AMD64, a breakthrough architecture that enables 64-bit technology on the x86 platform—creating 


a new class of computing. 


AMD 


The world’s highest performing 2P and 4P industry standard servers 
are now powered by AMD Opteron processors. Get unparalleled 32-bit 


performance and the ability to transition seamlessly to 64-bit computing. feystaae)4) 


Leverage your existing investments while preparing for the future. It’s one architecture 
across your enterprise that offers industry leading performance for your 32-bit applications, and doesn’t 
require a forklift upgrade as more 64-bit applications emerge. It’s just another way AMD designs and builds 


processors with you in mind. For a closer look at the AMD Opteron processor, visit www.amd.com/opteron 
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